Re: [PATCH] qemu: avoid dereference of null pointer

On 08/04/2011 11:14 AM, Alex Jia wrote:
>> Also, how does checking for a non-zero union value prevent a null
>> dereference?
>
> To be honest, I'm not sure about this; however, it's okay for ccc-analyzer if
> I add these judgements.

Is ccc-analyzer different from clang? If so, how can I set it up, to reproduce the problem you saw?

I previously saw a false positive in one of these functions (qemudDomainGetMemoryParameters) when using Coverity, but that was fixed by commit f768b4c3; Coverity was silent for the other 4 functions you touched. I'm now trying to do a clang run to see if that differs from Coverity. The Coverity false positive was that our logic confused the static analyzers:

type var; // uninit
if (flags & _CONFIG)
  var = something
if (flags & _LIVE)
  do something else
if (flags & _CONFIG)
  use var

this pattern was enough to make the analyzers think that var could be used uninitialized, or initialized to NULL, in a setting where it must not be NULL; but once you see that it is merely a case of the analyzer getting it wrong (var is _only_ used under the same conditions where it was previously assigned earlier on), the solution is to add sa_assert() hints to the analyzers.

NACK to this patch; we need to get to the real root of why the analyzers are complaining, and fix the real bug if there is one (but I didn't see one in my manual inspection), or more likely add sa_assert() hints to silence the analyzer.

--
Eric Blake   eblake@xxxxxxxxxx    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
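As an added illustration of the pattern Eric describes (not code from this thread or from libvirt): the variable is assigned and read only under the same flag test, and an sa_assert() hint, rather than a runtime NULL check that can never fire, tells the analyzer so. The flag names, the persistent_def struct and the simplified sa_assert() macro are assumptions constructed for this example.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for libvirt's sa_assert() (an assumption, not the
 * project's header): a real assert() only when compiled for a static
 * analyzer, nothing at all in a normal build. */
#ifdef STATIC_ANALYSIS
# define sa_assert(expr) assert(expr)
#else
# define sa_assert(expr) ((void)0)
#endif

/* Constructed flag values standing in for the abbreviated _LIVE/_CONFIG. */
enum { FLAG_LIVE = 1u << 0, FLAG_CONFIG = 1u << 1 };

/* Constructed stand-in for a domain's persistent definition. */
typedef struct { long hard_limit; } persistent_def;

/* Returns the memory hard limit selected by flags: the persistent
 * definition's value when FLAG_CONFIG is set, otherwise the live value
 * when FLAG_LIVE is set; -1 if no flag is set or the definition is missing. */
long get_hard_limit(unsigned int flags, const persistent_def *persistent,
                    long live_value)
{
    const persistent_def *def = NULL; /* assigned and read only under FLAG_CONFIG */
    long result = -1;

    if (flags & FLAG_CONFIG) {
        if (!persistent)
            return -1;
        def = persistent;
    }
    if (flags & FLAG_LIVE)
        result = live_value;
    if (flags & FLAG_CONFIG) {
        /* The condition that assigned def above holds again here, so def
         * cannot be NULL; the hint states that for the analyzer instead of
         * papering over the warning with a dead NULL check. */
        sa_assert(def != NULL);
        result = def->hard_limit;
    }
    return result;
}

int main(void)
{
    persistent_def p = { 4096 };
    printf("config: %ld live: %ld\n", get_hard_limit(FLAG_CONFIG, &p, 2048),
           get_hard_limit(FLAG_LIVE, NULL, 2048));
    return 0;
}
```

Build with -DSTATIC_ANALYSIS (as libvirt does for analyzer runs) and the hint becomes a live assert(); in a regular build it costs nothing.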

