This email is automatically generated. The test result is based on the following git commit: 49d8c8b Support Xen domctl v8 Analysis summary report: ------------------------ Files analyzed : 235 Total LoC input to cov-analyze : 330902 Functions analyzed : 8031 Paths analyzed : 940313 Defect occurrences found : 110 Total 7 ATOMICITY 5 CHECKED_RETURN 15 DEADCODE 6 FORWARD_NULL 13 LOCK 2 NEGATIVE_RETURNS 1 NULL_RETURNS 9 RESOURCE_LEAK 1 RETURN_LOCAL 12 REVERSE_INULL 3 SECURE_TEMP 2 STRING_NULL 12 TAINTED_SCALAR 4 TAINTED_STRING 12 TOCTOU 4 UNINIT 2 UNUSED_VALUE Exceeded path limit of 5000 paths in 0.47% of functions (normally up to 5% of functions encounter this limitation) For details, please see attachment. Regards, Alex
Error: ATOMICITY: /libvirt/src/util/event_poll.c:603: lock: Locking "eventLoop.lock.lock". /libvirt/src/util/event_poll.c:610: def: Assigning: "fds" = data that might be protected by the lock. /libvirt/src/util/event_poll.c:614: unlock: Unlocking "eventLoop.lock.lock". "fds" might now be unreliable because other threads can now change the data that it depends on. /libvirt/src/util/event_poll.c:632: lockagain: Locking "eventLoop.lock.lock" again. /libvirt/src/util/event_poll.c:636: use: Using an unreliable value of "fds" inside the second locked section. If the data that "fds" depends on was changed by another thread, this use might be incorrect. Error: ATOMICITY: /libvirt/src/rpc/virnetclientstream.c:386: lock: Locking "st->lock.lock". /libvirt/src/rpc/virnetclientstream.c:397: def: Assigning: "msg" = data that might be protected by the lock. /libvirt/src/rpc/virnetclientstream.c:410: unlock: Unlocking "st->lock.lock". "msg" might now be unreliable because other threads can now change the data that it depends on. /libvirt/src/rpc/virnetclientstream.c:412: lockagain: Locking "st->lock.lock" again. /libvirt/src/rpc/virnetclientstream.c:413: use: Using an unreliable value of "msg" inside the second locked section. If the data that "msg" depends on was changed by another thread, this use might be incorrect. Error: ATOMICITY: /libvirt/src/rpc/virnetclientstream.c:96: lock: Locking "st->lock.lock". /libvirt/src/rpc/virnetclientstream.c:109: def: Assigning: "cbOpaque" = data that might be protected by the lock. /libvirt/src/rpc/virnetclientstream.c:113: unlock: Unlocking "st->lock.lock". "cbOpaque" might now be unreliable because other threads can now change the data that it depends on. /libvirt/src/rpc/virnetclientstream.c:115: lockagain: Locking "st->lock.lock" again. /libvirt/src/rpc/virnetclientstream.c:119: use: Using an unreliable value of "cbOpaque" inside the second locked section. If the data that "cbOpaque" depends on was changed by another thread, this use might be incorrect. Error: ATOMICITY: /libvirt/src/util/threadpool.c:95: lock: Locking "pool->mutex.lock". /libvirt/src/util/threadpool.c:129: def: Assigning: "pool->jobList.firstPrio" = data that might be protected by the lock. /libvirt/src/util/threadpool.c:143: unlock: Unlocking "pool->mutex.lock". "pool->jobList.firstPrio" might now be unreliable because other threads can now change the data that it depends on. /libvirt/src/util/threadpool.c:146: lockagain: Locking "pool->mutex.lock" again. /libvirt/src/util/threadpool.c:116: use: Using an unreliable value of "pool->jobList.firstPrio" inside the second locked section. If the data that "pool->jobList.firstPrio" depends on was changed by another thread, this use might be incorrect. Error: ATOMICITY: /libvirt/src/util/threadpool.c:146: lock: Locking "pool->mutex.lock". /libvirt/src/util/threadpool.c:129: def: Assigning: "pool->jobList.firstPrio" = data that might be protected by the lock. /libvirt/src/util/threadpool.c:143: unlock: Unlocking "pool->mutex.lock". "pool->jobList.firstPrio" might now be unreliable because other threads can now change the data that it depends on. /libvirt/src/util/threadpool.c:146: lockagain: Locking "pool->mutex.lock" again. /libvirt/src/util/threadpool.c:116: use: Using an unreliable value of "pool->jobList.firstPrio" inside the second locked section. If the data that "pool->jobList.firstPrio" depends on was changed by another thread, this use might be incorrect. Error: ATOMICITY: /libvirt/src/util/threadpool.c:146: lock: Locking "pool->mutex.lock". /libvirt/src/util/threadpool.c:135: def: Assigning: "pool->jobList.head" = data that might be protected by the lock. /libvirt/src/util/threadpool.c:143: unlock: Unlocking "pool->mutex.lock". "pool->jobList.head" might now be unreliable because other threads can now change the data that it depends on. /libvirt/src/util/threadpool.c:146: lockagain: Locking "pool->mutex.lock" again. /libvirt/src/util/threadpool.c:118: use: Using an unreliable value of "pool->jobList.head" inside the second locked section. If the data that "pool->jobList.head" depends on was changed by another thread, this use might be incorrect. Error: ATOMICITY: /libvirt/src/fdstream.c:146: lock: Locking "fdst->lock.lock". /libvirt/src/fdstream.c:153: def: Assigning: "cbopaque" = data that might be protected by the lock. /libvirt/src/fdstream.c:156: unlock: Unlocking "fdst->lock.lock". "cbopaque" might now be unreliable because other threads can now change the data that it depends on. /libvirt/src/fdstream.c:160: lockagain: Locking "fdst->lock.lock" again. /libvirt/src/fdstream.c:163: use: Using an unreliable value of "cbopaque" inside the second locked section. If the data that "cbopaque" depends on was changed by another thread, this use might be incorrect. Error: CHECKED_RETURN: /libvirt/daemon/libvirtd.c:844: example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0". /libvirt/daemon/libvirtd.c:937: example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")". /libvirt/daemon/libvirtd.c:947: example_checked: "ret" has its value checked in "ret < 0". /libvirt/daemon/libvirtd.c:943: example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)". /libvirt/daemon/libvirtd.c:947: example_checked: "ret" has its value checked in "ret < 0". /libvirt/daemon/libvirtd.c:300: example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0". /libvirt/daemon/libvirtd.c:793: example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1". /libvirt/src/conf/network_conf.c:587: check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 430 out of 452 times). /libvirt/src/conf/network_conf.c:587: unchecked_value: No check of the return value of "virAsprintf(&name, dcgettext("libvirt", "Service name is too long, limit is %d bytes", 5), 482)". Error: CHECKED_RETURN: /libvirt/daemon/libvirtd.c:844: example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0". /libvirt/daemon/libvirtd.c:937: example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")". /libvirt/daemon/libvirtd.c:947: example_checked: "ret" has its value checked in "ret < 0". /libvirt/daemon/libvirtd.c:943: example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)". /libvirt/daemon/libvirtd.c:947: example_checked: "ret" has its value checked in "ret < 0". /libvirt/daemon/libvirtd.c:300: example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0". /libvirt/daemon/libvirtd.c:793: example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1". /libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2888: check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 430 out of 452 times). /libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2888: unchecked_value: No check of the return value of "virAsprintf(&protostr, "-d 01:80:c2:00:00:00 ")". Error: CHECKED_RETURN: /libvirt/daemon/libvirtd.c:844: example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0". /libvirt/daemon/libvirtd.c:937: example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")". /libvirt/daemon/libvirtd.c:947: example_checked: "ret" has its value checked in "ret < 0". /libvirt/daemon/libvirtd.c:943: example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)". /libvirt/daemon/libvirtd.c:947: example_checked: "ret" has its value checked in "ret < 0". /libvirt/daemon/libvirtd.c:300: example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0". /libvirt/daemon/libvirtd.c:793: example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1". /libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2891: check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 430 out of 452 times). /libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2891: unchecked_value: No check of the return value of "virAsprintf(&protostr, "-p 0x%04x ", l3_protocols[protoidx].attr)". Error: CHECKED_RETURN: /libvirt/daemon/libvirtd.c:844: example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0". /libvirt/daemon/libvirtd.c:937: example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")". /libvirt/daemon/libvirtd.c:947: example_checked: "ret" has its value checked in "ret < 0". /libvirt/daemon/libvirtd.c:943: example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)". /libvirt/daemon/libvirtd.c:947: example_checked: "ret" has its value checked in "ret < 0". /libvirt/daemon/libvirtd.c:300: example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0". /libvirt/daemon/libvirtd.c:793: example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1". /libvirt/src/qemu/qemu_process.c:2421: check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 430 out of 452 times). /libvirt/src/qemu/qemu_process.c:2421: unchecked_value: No check of the return value of "virAsprintf(&msg, "was paused (%s)", virDomainPausedReasonTypeToString(reason))". Error: CHECKED_RETURN: /libvirt/tools/virsh.c:3425: example_checked: "pthread_sigmask(0, &sigmask, &oldsigmask)" has its value checked in "pthread_sigmask(0, &sigmask, &oldsigmask) < 0". /libvirt/tools/virsh.c:2956: example_checked: "pthread_sigmask(0, &sigmask, &oldsigmask)" has its value checked in "pthread_sigmask(0, &sigmask, &oldsigmask) < 0". /libvirt/tools/virsh.c:6295: example_checked: "pthread_sigmask(0, &sigmask, &oldsigmask)" has its value checked in "pthread_sigmask(0, &sigmask, &oldsigmask) < 0". /libvirt/tools/virsh.c:2630: example_checked: "pthread_sigmask(0, &sigmask, &oldsigmask)" has its value checked in "pthread_sigmask(0, &sigmask, &oldsigmask) < 0". /libvirt/tools/virsh.c:6491: check_return: Calling function "pthread_sigmask" without checking return value (as is done elsewhere 4 out of 5 times). /libvirt/tools/virsh.c:6491: unchecked_value: No check of the return value of "pthread_sigmask(0, &sigmask, &oldsigmask)". Error: DEADCODE: /libvirt/gnulib/lib/strerror_r.c:155: dead_error_condition: On this path, the condition "msg" cannot be true. /libvirt/gnulib/lib/strerror_r.c:153: const: After this line, the value of "msg" is equal to 0. /libvirt/gnulib/lib/strerror_r.c:153: assignment: Assigning: "msg" = "NULL". /libvirt/gnulib/lib/strerror_r.c:156: dead_error_line: Execution cannot reach this statement "return safe_copy(buf, bufle...". Error: DEADCODE: /libvirt/gnulib/lib/strerror.c:47: dead_error_condition: On this path, the condition "msg" cannot be true. /libvirt/gnulib/lib/strerror.c:46: const: After this line, the value of "msg" is equal to 0. /libvirt/gnulib/lib/strerror.c:46: assignment: Assigning: "msg" = "NULL". /libvirt/gnulib/lib/strerror.c:48: dead_error_line: Execution cannot reach this statement "return (char *)msg;". Error: DEADCODE: /libvirt/src/rpc/virnetclient.c:334: dead_error_condition: On this path, the condition "ka" cannot be true. /libvirt/src/rpc/virnetclient.c:276: const: After this line, the value of "ka" is equal to 0. /libvirt/src/rpc/virnetclient.c:314: const: After this line, the value of "ka" is equal to 0. /libvirt/src/rpc/virnetclient.c:276: assignment: Assigning: "ka" = "NULL". /libvirt/src/rpc/virnetclient.c:314: new_values: Noticing condition "ka = virKeepAliveNew(-1, 0U, client, virNetClientKeepAliveSendCB, virNetClientKeepAliveDeadCB, virNetClientEventFree)". /libvirt/src/rpc/virnetclient.c:335: dead_error_begin: Execution cannot reach this statement "virKeepAliveStop(ka);". Error: DEADCODE: /libvirt/src/libvirt.c:8635: dead_error_condition: On this path, the condition "maplen < 0" cannot be true. /libvirt/src/libvirt.c:8635: at_least: After this line, the value of "maplen" is at least 1. /libvirt/src/libvirt.c:8635: new_values: Noticing condition "maplen <= 0". /libvirt/src/libvirt.c:8635: dead_error_line: Execution cannot reach this expression "0 < maxinfo" inside statement "if (!cpumaps ? maplen != 0 ...". Error: DEADCODE: /libvirt/src/libvirt.c:8635: dead_error_condition: On this path, the condition "maxinfo < 0" cannot be true. /libvirt/src/libvirt.c:8628: at_least: After this line, the value of "maxinfo" is at least 1. /libvirt/src/libvirt.c:8628: new_values: Noticing condition "maxinfo < 1". /libvirt/src/libvirt.c:8635: dead_error_line: Execution cannot reach this expression "0 < maplen" inside statement "if (!cpumaps ? maplen != 0 ...". Error: DEADCODE: /libvirt/src/libvirt.c:8635: dead_error_condition: On this path, the condition "maplen < 0" cannot be true. /libvirt/src/libvirt.c:8635: at_least: After this line, the value of "maplen" is at least 1. /libvirt/src/libvirt.c:8635: new_values: Noticing condition "maplen < 0". /libvirt/src/libvirt.c:8635: new_values: Noticing condition "maplen <= 0". /libvirt/src/libvirt.c:8635: dead_error_line: Execution cannot reach this expression "maxinfo < 0" inside statement "if (!cpumaps ? maplen != 0 ...". Error: DEADCODE: /libvirt/src/libvirt.c:8635: dead_error_condition: On this path, the condition "maplen == 0" cannot be true. /libvirt/src/libvirt.c:8635: at_least: After this line, the value of "maplen" is at least 1. /libvirt/src/libvirt.c:8635: new_values: Noticing condition "maplen < 0". /libvirt/src/libvirt.c:8635: new_values: Noticing condition "maplen <= 0". /libvirt/src/libvirt.c:8635: dead_error_line: Execution cannot reach this expression "0" inside statement "if (!cpumaps ? maplen != 0 ...". Error: DEADCODE: /libvirt/src/libvirt.c:8635: dead_error_condition: On this path, the condition "maxinfo < 0" cannot be true. /libvirt/src/libvirt.c:8628: at_least: After this line, the value of "maxinfo" is at least 1. /libvirt/src/libvirt.c:8635: at_least: After this line, the value of "maxinfo" is at least 1. /libvirt/src/libvirt.c:8635: new_values: Noticing condition "maxinfo < 0". /libvirt/src/libvirt.c:8628: new_values: Noticing condition "maxinfo < 1". /libvirt/src/libvirt.c:8635: dead_error_line: Execution cannot reach this expression "maxinfo" inside statement "if (!cpumaps ? maplen != 0 ...". Error: DEADCODE: /libvirt/src/libvirt.c:8556: dead_error_condition: On this path, the condition "maplen < 0" cannot be true. /libvirt/src/libvirt.c:8556: at_least: After this line, the value of "maplen" is at least 1. /libvirt/src/libvirt.c:8556: new_values: Noticing condition "maplen <= 0". /libvirt/src/libvirt.c:8556: dead_error_line: Execution cannot reach this expression "0 < ncpumaps" inside statement "if (ncpumaps < 1 || !cpumap...". Error: DEADCODE: /libvirt/src/libvirt.c:8556: dead_error_condition: On this path, the condition "ncpumaps < 0" cannot be true. /libvirt/src/libvirt.c:8556: at_least: After this line, the value of "ncpumaps" is at least 1. /libvirt/src/libvirt.c:8556: new_values: Noticing condition "ncpumaps < 1". /libvirt/src/libvirt.c:8556: dead_error_line: Execution cannot reach this expression "0 < maplen" inside statement "if (ncpumaps < 1 || !cpumap...". Error: DEADCODE: /libvirt/src/libvirt.c:8556: dead_error_condition: On this path, the condition "maplen < 0" cannot be true. /libvirt/src/libvirt.c:8556: at_least: After this line, the value of "maplen" is at least 1. /libvirt/src/libvirt.c:8556: new_values: Noticing condition "maplen < 0". /libvirt/src/libvirt.c:8556: new_values: Noticing condition "maplen <= 0". /libvirt/src/libvirt.c:8556: dead_error_line: Execution cannot reach this expression "ncpumaps < 0" inside statement "if (ncpumaps < 1 || !cpumap...". Error: DEADCODE: /libvirt/src/libvirt.c:8556: dead_error_condition: On this path, the condition "maplen == 0" cannot be true. /libvirt/src/libvirt.c:8556: at_least: After this line, the value of "maplen" is at least 1. /libvirt/src/libvirt.c:8556: new_values: Noticing condition "maplen < 0". /libvirt/src/libvirt.c:8556: new_values: Noticing condition "maplen <= 0". /libvirt/src/libvirt.c:8556: dead_error_line: Execution cannot reach this expression "0" inside statement "if (ncpumaps < 1 || !cpumap...". Error: DEADCODE: /libvirt/src/libvirt.c:8556: dead_error_condition: On this path, the condition "ncpumaps < 0" cannot be true. /libvirt/src/libvirt.c:8556: at_least: After this line, the value of "ncpumaps" is at least 1. /libvirt/src/libvirt.c:8556: new_values: Noticing condition "ncpumaps < 0". /libvirt/src/libvirt.c:8556: new_values: Noticing condition "ncpumaps < 1". /libvirt/src/libvirt.c:8556: dead_error_line: Execution cannot reach this expression "ncpumaps" inside statement "if (ncpumaps < 1 || !cpumap...". Error: DEADCODE: /libvirt/src/qemu/qemu_driver.c:8199: dead_error_condition: On this path, the condition "group" cannot be true. /libvirt/src/qemu/qemu_driver.c:8079: const: After this line, the value of "group" is equal to 0. /libvirt/src/qemu/qemu_driver.c:8079: assignment: Assigning: "group" = "NULL". /libvirt/src/qemu/qemu_driver.c:8200: dead_error_line: Execution cannot reach this statement "virCgroupFree(&group);". Error: DEADCODE: /libvirt/src/lxc/lxc_controller.c:885: dead_error_condition: On this path, the condition "ret == 4" cannot be true. /libvirt/src/lxc/lxc_controller.c:884: at_most: After this line, the value of "ret" is at most -1. /libvirt/src/lxc/lxc_controller.c:884: new_values: Noticing condition "ret < 0". /libvirt/src/lxc/lxc_controller.c:886: dead_error_line: Execution cannot reach this statement "continue;". Error: FORWARD_NULL: /libvirt/src/util/command.c:1604: var_compare_op: Comparing "cmd->errbuf" to null implies that "cmd->errbuf" might be null. /libvirt/src/util/command.c:1661: alias_transfer: Assigning null: "buf" = "cmd->errbuf". /libvirt/src/util/command.c:1683: var_deref_model: Passing null variable "buf" to function "virReallocN", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: FORWARD_NULL: /libvirt/src/util/command.c:1597: var_compare_op: Comparing "cmd->outbuf" to null implies that "cmd->outbuf" might be null. /libvirt/src/util/command.c:1658: alias_transfer: Assigning null: "buf" = "cmd->outbuf". /libvirt/src/util/command.c:1683: var_deref_model: Passing null variable "buf" to function "virReallocN", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: FORWARD_NULL: /libvirt/src/rpc/virnetserver.c:726: var_compare_op: Comparing "srv->clients" to null implies that "srv->clients" might be null. /libvirt/src/rpc/virnetserver.c:748: var_deref_op: Dereferencing null variable "srv->clients". Error: FORWARD_NULL: /libvirt/tools/virsh.c:15212: var_compare_op: Comparing "from" to null implies that "from" might be null. /libvirt/tools/virsh.c:15213: var_deref_model: Passing null variable "from" to function "__coverity_strcmp", which dereferences it. Error: FORWARD_NULL: /libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:3580: var_compare_op: Comparing "inst" to null implies that "inst" might be null. /libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:3587: var_deref_op: Dereferencing null variable "inst". Error: FORWARD_NULL: /libvirt/src/qemu/qemu_driver.c:6438: assign_zero: Assigning: "group" = 0. /libvirt/src/qemu/qemu_driver.c:6544: var_deref_model: Passing null variable "group" to function "virCgroupGetMemoryHardLimit", which dereferences it. /libvirt/src/util/cgroup.c:1106: deref_parm_in_call: Function "virCgroupGetValueU64" dereferences parameter "group". /libvirt/src/util/cgroup.c:434: deref_parm_in_call: Function "virCgroupGetValueStr" dereferences parameter "group". /libvirt/src/util/cgroup.c:343: deref_parm_in_call: Function "virCgroupPathOfController" dereferences parameter "group". /libvirt/src/util/cgroup.c:280: deref_parm: Directly dereferencing parameter "group". Error: LOCK: /libvirt/src/datatypes.c:406: lock: "virMutexLock" locks "network->conn->lock.lock". /libvirt/src/util/threads-pthread.c:85: lock: "pthread_mutex_lock" locks "m->lock". /libvirt/src/datatypes.c:413: missing_unlock: Returning without unlocking "network->conn->lock.lock". Error: LOCK: /libvirt/src/datatypes.c:1067: lock: "virMutexLock" locks "secret->conn->lock.lock". /libvirt/src/util/threads-pthread.c:85: lock: "pthread_mutex_lock" locks "m->lock". /libvirt/src/datatypes.c:1074: missing_unlock: Returning without unlocking "secret->conn->lock.lock". Error: LOCK: /libvirt/src/datatypes.c:144: lock: "virMutexLock" locks "conn->lock.lock". /libvirt/src/util/threads-pthread.c:85: lock: "pthread_mutex_lock" locks "m->lock". /libvirt/src/datatypes.c:151: missing_unlock: Returning without unlocking "conn->lock.lock". Error: LOCK: /libvirt/src/util/event_poll.c:441: lock: "virMutexLock" locks "eventLoop.lock.lock". /libvirt/src/util/threads-pthread.c:85: lock: "pthread_mutex_lock" locks "m->lock". /libvirt/src/util/event_poll.c:444: missing_unlock: Returning without unlocking "eventLoop.lock.lock". Error: LOCK: /libvirt/src/nwfilter/nwfilter_learnipaddr.c:180: lock: "virMutexLock" locks "ifaceLock->lock.lock". /libvirt/src/util/threads-pthread.c:85: lock: "pthread_mutex_lock" locks "m->lock". /libvirt/src/nwfilter/nwfilter_learnipaddr.c:182: missing_unlock: Returning without unlocking "ifaceLock->lock.lock". Error: LOCK: /libvirt/src/datatypes.c:275: lock: "virMutexLock" locks "domain->conn->lock.lock". /libvirt/src/util/threads-pthread.c:85: lock: "pthread_mutex_lock" locks "m->lock". /libvirt/src/datatypes.c:282: missing_unlock: Returning without unlocking "domain->conn->lock.lock". Error: LOCK: /libvirt/src/datatypes.c:1125: lock: "virMutexLock" locks "st->conn->lock.lock". /libvirt/src/util/threads-pthread.c:85: lock: "pthread_mutex_lock" locks "m->lock". /libvirt/src/datatypes.c:1132: missing_unlock: Returning without unlocking "st->conn->lock.lock". Error: LOCK: /libvirt/src/datatypes.c:676: lock: "virMutexLock" locks "pool->conn->lock.lock". /libvirt/src/util/threads-pthread.c:85: lock: "pthread_mutex_lock" locks "m->lock". /libvirt/src/datatypes.c:683: missing_unlock: Returning without unlocking "pool->conn->lock.lock". Error: LOCK: /libvirt/src/datatypes.c:1351: lock: "virMutexLock" locks "snapshot->domain->conn->lock.lock". /libvirt/src/util/threads-pthread.c:85: lock: "pthread_mutex_lock" locks "m->lock". /libvirt/src/datatypes.c:1358: missing_unlock: Returning without unlocking "snapshot->domain->conn->lock.lock". Error: LOCK: /libvirt/src/datatypes.c:820: lock: "virMutexLock" locks "vol->conn->lock.lock". /libvirt/src/util/threads-pthread.c:85: lock: "pthread_mutex_lock" locks "m->lock". /libvirt/src/datatypes.c:827: missing_unlock: Returning without unlocking "vol->conn->lock.lock". Error: LOCK: /libvirt/src/datatypes.c:938: lock: "virMutexLock" locks "dev->conn->lock.lock". /libvirt/src/util/threads-pthread.c:85: lock: "pthread_mutex_lock" locks "m->lock". /libvirt/src/datatypes.c:945: missing_unlock: Returning without unlocking "dev->conn->lock.lock". Error: LOCK: /libvirt/src/datatypes.c:1260: lock: "virMutexLock" locks "nwfilter->conn->lock.lock". /libvirt/src/util/threads-pthread.c:85: lock: "pthread_mutex_lock" locks "m->lock". /libvirt/src/datatypes.c:1268: missing_unlock: Returning without unlocking "nwfilter->conn->lock.lock". Error: LOCK: /libvirt/src/datatypes.c:542: lock: "virMutexLock" locks "iface->conn->lock.lock". /libvirt/src/util/threads-pthread.c:85: lock: "pthread_mutex_lock" locks "m->lock". /libvirt/src/datatypes.c:549: missing_unlock: Returning without unlocking "iface->conn->lock.lock". Error: NEGATIVE_RETURNS: /libvirt/src/util/buf.c:147: negative_return_fn: Function "virBufferGetIndent(buf, true)" returns a negative number. /libvirt/src/util/buf.c:89: return_negative_constant: Explicitly returning negative value "-1". /libvirt/src/util/buf.c:147: var_assign: Assigning: signed variable "indent" = "virBufferGetIndent". /libvirt/src/util/buf.c:157: negative_returns: "indent" is passed to a parameter that cannot be negative. Error: NEGATIVE_RETURNS: /libvirt/src/util/command.c:1620: var_tested_neg: Variable "infd" tests negative. /libvirt/src/util/command.c:1699: negative_returns: "infd" is passed to a parameter that cannot be negative. Error: NULL_RETURNS: /libvirt/src/qemu/qemu_hostdev.c:102: example_checked: "pciDeviceListFind(driver->activePciHostdevs, dev)" has its value checked in "activeDev = pciDeviceListFind(driver->activePciHostdevs, dev)". /libvirt/src/qemu/qemu_hostdev.c:493: example_assign: Assigning: "activeDev" = return value from "pciDeviceListFind(driver->activePciHostdevs, dev)". /libvirt/src/qemu/qemu_hostdev.c:494: example_checked: "activeDev" has its value checked in "activeDev". /libvirt/src/qemu/qemu_hostdev.c:196: example_checked: "pciDeviceListFind(driver->activePciHostdevs, dev)" has its value checked in "other = pciDeviceListFind(driver->activePciHostdevs, dev)". /libvirt/src/qemu/qemu_hostdev.c:268: example_checked: "pciDeviceListFind(pcidevs, dev)" has its value checked in "pcidev = pciDeviceListFind(pcidevs, dev)". /libvirt/src/util/pci.c:1488: example_checked: "pciDeviceListFind(list, dev)" has its value checked in "pciDeviceListFind(list, dev)". /libvirt/src/qemu/qemu_hostdev.c:243: returned_null: Function "pciDeviceListFind" returns null (checked 9 out of 10 times). /libvirt/src/util/pci.c:1572: return_null: Explicitly returning NULL. /libvirt/src/qemu/qemu_hostdev.c:243: var_assigned: Assigning: "activeDev" = null return value from "pciDeviceListFind". /libvirt/src/qemu/qemu_hostdev.c:245: dereference: Dereferencing a pointer that might be null "activeDev" when calling "pciDeviceSetUsedBy". /libvirt/src/util/pci.c:1436: deref_parm: Directly dereferencing parameter "dev". Error: RESOURCE_LEAK: /libvirt/src/util/uuid.c:238: open_fn: Calling opening function "open". /libvirt/src/util/uuid.c:238: var_assign: Assigning: "fd" = handle returned from "open(paths[i], 0)". /libvirt/src/util/uuid.c:239: off_by_one: Testing whether handle "fd" is strictly greater than zero is suspicious. Did you intend to include equality with zero? "fd" leaks when it is zero. /libvirt/src/util/uuid.c:247: leaked_handle: Handle variable "fd" going out of scope leaks the handle. Error: RESOURCE_LEAK: /libvirt/src/qemu/qemu_hostdev.c:333: alloc_fn: Calling allocation function "usbDeviceListNew". /libvirt/src/util/hostusb.c:274: alloc_arg: "virAlloc" allocates memory that is stored into "list". /libvirt/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc". /libvirt/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)". /libvirt/src/util/hostusb.c:279: return_alloc: Returning allocated memory "list". /libvirt/src/qemu/qemu_hostdev.c:333: var_assign: Assigning: "list" = storage returned from "usbDeviceListNew()". /libvirt/src/qemu/qemu_hostdev.c:374: noescape: Variable "list" is not freed or pointed-to in function "usbDeviceListAdd". /libvirt/src/util/hostusb.c:298:33: noescape: "usbDeviceListAdd" does not free or save its pointer parameter "list". /libvirt/src/qemu/qemu_hostdev.c:354: leaked_storage: Variable "list" going out of scope leaks the storage it points to. Error: RESOURCE_LEAK: /libvirt/src/esx/esx_vi.c:1893: alloc_arg: Calling allocation function "esxVI_ObjectSpec_Alloc" on "objectSpec". /libvirt/src/esx/esx_vi_types.generated.c:2065: alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr". /libvirt/src/esx/esx_vi.c:1626: alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr". /libvirt/src/util/memory.c:129: alloc_fn: Storage is returned from allocation function "calloc". /libvirt/src/util/memory.c:129: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)". /libvirt/src/esx/esx_vi.c:2006: leaked_storage: Variable "objectSpec" going out of scope leaks the storage it points to. Error: RESOURCE_LEAK: /libvirt/src/esx/esx_vi.c:1945: alloc_arg: Calling allocation function "esxVI_PropertySpec_Alloc" on "propertySpec". /libvirt/src/esx/esx_vi_types.generated.c:2693: alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr". /libvirt/src/esx/esx_vi.c:1626: alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr". /libvirt/src/util/memory.c:129: alloc_fn: Storage is returned from allocation function "calloc". /libvirt/src/util/memory.c:129: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)". /libvirt/src/esx/esx_vi.c:2006: leaked_storage: Variable "propertySpec" going out of scope leaks the storage it points to. Error: RESOURCE_LEAK: /libvirt/src/nodeinfo.c:587: alloc_fn: Calling allocation function "fopen". /libvirt/src/nodeinfo.c:587: var_assign: Assigning: "cpuinfo" = storage returned from "fopen("/proc/cpuinfo", "r")". /libvirt/src/nodeinfo.c:596: leaked_storage: Variable "cpuinfo" going out of scope leaks the storage it points to. Error: RESOURCE_LEAK: /libvirt/src/esx/esx_vi.c:3913: alloc_arg: Calling allocation function "esxVI_ObjectSpec_Alloc" on "objectSpec". /libvirt/src/esx/esx_vi_types.generated.c:2065: alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr". /libvirt/src/esx/esx_vi.c:1626: alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr". /libvirt/src/util/memory.c:129: alloc_fn: Storage is returned from allocation function "calloc". /libvirt/src/util/memory.c:129: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)". /libvirt/src/esx/esx_vi.c:4075: leaked_storage: Variable "objectSpec" going out of scope leaks the storage it points to. Error: RESOURCE_LEAK: /libvirt/src/esx/esx_vi.c:3920: alloc_arg: Calling allocation function "esxVI_PropertySpec_Alloc" on "propertySpec". /libvirt/src/esx/esx_vi_types.generated.c:2693: alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr". /libvirt/src/esx/esx_vi.c:1626: alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr". /libvirt/src/util/memory.c:129: alloc_fn: Storage is returned from allocation function "calloc". /libvirt/src/util/memory.c:129: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)". /libvirt/src/esx/esx_vi.c:4075: leaked_storage: Variable "propertySpec" going out of scope leaks the storage it points to. Error: RESOURCE_LEAK: /libvirt/daemon/libvirtd.c:200: open_fn: Calling opening function "open". /libvirt/daemon/libvirtd.c:200: var_assign: Assigning: "stdinfd" = handle returned from "open("/dev/null", 0)". /libvirt/daemon/libvirtd.c:204: noescape: Variable "stdinfd" is not closed or saved in function "dup2". /libvirt/daemon/libvirtd.c:221: leaked_handle: Handle variable "stdinfd" going out of scope leaks the handle. Error: RESOURCE_LEAK: /libvirt/daemon/libvirtd.c:202: open_fn: Calling opening function "open". /libvirt/daemon/libvirtd.c:202: var_assign: Assigning: "stdoutfd" = handle returned from "open("/dev/null", 1)". /libvirt/daemon/libvirtd.c:206: noescape: Variable "stdoutfd" is not closed or saved in function "dup2". /libvirt/daemon/libvirtd.c:208: noescape: Variable "stdoutfd" is not closed or saved in function "dup2". /libvirt/daemon/libvirtd.c:221: leaked_handle: Handle variable "stdoutfd" going out of scope leaks the handle. Error: RETURN_LOCAL: /libvirt/gnulib/lib/careadlinkat.c:101: local_ptr_assign_local: Assigning: "buffer" = "stack_buf" (address of local variable "stack_buf"). /libvirt/gnulib/lib/careadlinkat.c:105: local_ptr_assign_ptr: Assigning: "buf" = "buffer". /libvirt/gnulib/lib/careadlinkat.c:152: return_local_addr_alias: Returning pointer "buf" which points to local variable "stack_buf". Error: REVERSE_INULL: /libvirt/src/vbox/vbox_tmpl.c:1875: deref_ptr_in_call: Dereferencing pointer "machineName". /libvirt/src/vbox/vbox_tmpl.c:1934: check_after_deref: Dereferencing "machineName" before a null check. Error: REVERSE_INULL: /libvirt/src/vbox/vbox_tmpl.c:1875: deref_ptr_in_call: Dereferencing pointer "machineName". /libvirt/src/vbox/vbox_tmpl.c:1934: check_after_deref: Dereferencing "machineName" before a null check. Error: REVERSE_INULL: /libvirt/src/vbox/vbox_tmpl.c:1387: deref_ptr_in_call: Dereferencing pointer "machineNameUtf8". /libvirt/src/vbox/vbox_tmpl.c:1412: check_after_deref: Dereferencing "machineNameUtf8" before a null check. Error: REVERSE_INULL: /libvirt/src/vbox/vbox_tmpl.c:1387: deref_ptr_in_call: Dereferencing pointer "machineNameUtf8". /libvirt/src/vbox/vbox_tmpl.c:1412: check_after_deref: Dereferencing "machineNameUtf8" before a null check. Error: REVERSE_INULL: /libvirt/src/vbox/vbox_tmpl.c:1387: deref_ptr_in_call: Dereferencing pointer "machineNameUtf8". /libvirt/src/vbox/vbox_tmpl.c:1412: check_after_deref: Dereferencing "machineNameUtf8" before a null check. Error: REVERSE_INULL: /libvirt/src/vbox/vbox_tmpl.c:1387: deref_ptr_in_call: Dereferencing pointer "machineNameUtf8". /libvirt/src/vbox/vbox_tmpl.c:1412: check_after_deref: Dereferencing "machineNameUtf8" before a null check. Error: REVERSE_INULL: /libvirt/src/vbox/vbox_tmpl.c:1875: deref_ptr_in_call: Dereferencing pointer "machineName". /libvirt/src/vbox/vbox_tmpl.c:1934: check_after_deref: Dereferencing "machineName" before a null check. Error: REVERSE_INULL: /libvirt/src/vbox/vbox_tmpl.c:1387: deref_ptr_in_call: Dereferencing pointer "machineNameUtf8". /libvirt/src/vbox/vbox_tmpl.c:1412: check_after_deref: Dereferencing "machineNameUtf8" before a null check. Error: REVERSE_INULL: /libvirt/src/vbox/vbox_tmpl.c:1875: deref_ptr_in_call: Dereferencing pointer "machineName". /libvirt/src/vbox/vbox_tmpl.c:1934: check_after_deref: Dereferencing "machineName" before a null check. Error: REVERSE_INULL: /libvirt/src/vbox/vbox_tmpl.c:1875: deref_ptr_in_call: Dereferencing pointer "machineName". /libvirt/src/vbox/vbox_tmpl.c:1934: check_after_deref: Dereferencing "machineName" before a null check. Error: REVERSE_INULL: /libvirt/src/vbox/vbox_tmpl.c:1875: deref_ptr_in_call: Dereferencing pointer "machineName". /libvirt/src/vbox/vbox_tmpl.c:1934: check_after_deref: Dereferencing "machineName" before a null check. Error: REVERSE_INULL: /libvirt/src/vbox/vbox_tmpl.c:1387: deref_ptr_in_call: Dereferencing pointer "machineNameUtf8". /libvirt/src/vbox/vbox_tmpl.c:1412: check_after_deref: Dereferencing "machineNameUtf8" before a null check. Error: SECURE_TEMP: /libvirt/src/secret/secret_driver.c:174: secure_temp: Calling "mkstemp" without securely setting umask first. Error: SECURE_TEMP: /libvirt/src/qemu/qemu_driver.c:8368: secure_temp: Calling "mkstemp" without securely setting umask first. Error: SECURE_TEMP: /libvirt/src/qemu/qemu_driver.c:3084: secure_temp: Calling "mkstemp" without securely setting umask first. Error: STRING_NULL: /libvirt/src/util/uuid.c:272: string_null_argument: Function "getDMISystemUUID" does not terminate string "*dmiuuid". /libvirt/src/util/uuid.c:240: string_null_argument: Function "saferead" fills array "*uuid" with a non-terminated string. /libvirt/src/util/util.c:100: string_null_argument: Function "read" fills array "*buf" with a non-terminated string. /libvirt/src/util/uuid.c:273: string_null: Passing unterminated string "dmiuuid" to a function expecting a null-terminated string. /libvirt/src/util/uuid.c:137: var_assign_parm: Assigning: "cur" = "uuidstr". They now point to the same thing. /libvirt/src/util/uuid.c:163: string_null_sink_loop: Searching for null termination in an unterminated array "cur". Error: STRING_NULL: /libvirt/src/node_device/node_device_linux_sysfs.c:80: string_null_argument: Function "saferead" does not terminate string "*buf". /libvirt/src/util/util.c:100: string_null_argument: Function "read" fills array "*buf" with a non-terminated string. /libvirt/src/node_device/node_device_linux_sysfs.c:87: string_null: Passing unterminated string "buf" to a function expecting a null-terminated string. Error: TAINTED_SCALAR: /libvirt/src/util/pci.c:364: tainted_data_return: Function "pciRead8" returns tainted data. /libvirt/src/util/pci.c:228: tainted_data_argument: Function "pciRead" taints argument "buf". /libvirt/src/util/pci.c:214: tainted_data_argument: Calling function "saferead" taints parameter "*buf". /libvirt/src/util/util.c:100: tainted_data_argument: Calling function "read" taints parameter "*buf". /libvirt/src/util/pci.c:229: return_tainted_data: Returning tainted variable "buf". /libvirt/src/util/pci.c:364: var_assign: Assigning: "pos" = "pciRead8", which taints "pos". /libvirt/src/util/pci.c:373: lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64". /libvirt/src/util/pci.c:374: tainted_data: Passing tainted variable "pos" to a tainted sink. /libvirt/src/util/pci.c:228: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead". /libvirt/src/util/pci.c:214: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek". /libvirt/src/util/pci.c:381: tainted_data: Passing tainted variable "pos + 1" to a tainted sink. /libvirt/src/util/pci.c:228: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead". /libvirt/src/util/pci.c:214: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek". Error: TAINTED_SCALAR: /libvirt/src/util/pci.c:373: lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64". /libvirt/src/util/pci.c:374: tainted_data: Passing tainted variable "pos" to a tainted sink. /libvirt/src/util/pci.c:228: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead". /libvirt/src/util/pci.c:214: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek". /libvirt/src/util/pci.c:381: tainted_data_return: Function "pciRead8" returns tainted data. /libvirt/src/util/pci.c:228: tainted_data_argument: Function "pciRead" taints argument "buf". /libvirt/src/util/pci.c:214: tainted_data_argument: Calling function "saferead" taints parameter "*buf". /libvirt/src/util/util.c:100: tainted_data_argument: Calling function "read" taints parameter "*buf". /libvirt/src/util/pci.c:229: return_tainted_data: Returning tainted variable "buf". /libvirt/src/util/pci.c:381: var_assign: Assigning: "pos" = "pciRead8", which taints "pos". /libvirt/src/util/pci.c:381: tainted_data: Passing tainted variable "pos + 1" to a tainted sink. /libvirt/src/util/pci.c:228: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead". /libvirt/src/util/pci.c:214: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek". Error: TAINTED_SCALAR: /libvirt/src/util/pci.c:373: lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64". /libvirt/src/util/pci.c:373: lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64". /libvirt/src/util/pci.c:374: tainted_data: Passing tainted variable "pos" to a tainted sink. /libvirt/src/util/pci.c:228: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead". /libvirt/src/util/pci.c:214: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek". /libvirt/src/util/pci.c:381: tainted_data_return: Function "pciRead8" returns tainted data. /libvirt/src/util/pci.c:228: tainted_data_argument: Function "pciRead" taints argument "buf". /libvirt/src/util/pci.c:214: tainted_data_argument: Calling function "saferead" taints parameter "*buf". /libvirt/src/util/util.c:100: tainted_data_argument: Calling function "read" taints parameter "*buf". /libvirt/src/util/pci.c:229: return_tainted_data: Returning tainted variable "buf". /libvirt/src/util/pci.c:381: var_assign: Assigning: "pos" = "pciRead8", which taints "pos". /libvirt/src/util/pci.c:381: var_assign: Assigning: "pos" = "pciRead8", which taints "pos". Error: TAINTED_SCALAR: /libvirt/src/util/pci.c:442: tainted_data_return: Function "pciFindCapabilityOffset" returns tainted data. /libvirt/src/util/pci.c:381: tainted_data_return: Function "pciRead8" returning tainted data. /libvirt/src/util/pci.c:228: tainted_data_argument: Function "pciRead" taints argument "buf". /libvirt/src/util/pci.c:214: tainted_data_argument: Calling function "saferead" taints parameter "*buf". /libvirt/src/util/util.c:100: tainted_data_argument: Calling function "read" taints parameter "*buf". /libvirt/src/util/pci.c:229: return_tainted_data: Returning tainted variable "buf". /libvirt/src/util/pci.c:381: var_assign: Assigning: "pos" = "pciRead8", which taints "pos". /libvirt/src/util/pci.c:373: lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64". /libvirt/src/util/pci.c:378: return_tainted_data: Returning tainted variable "pos". /libvirt/src/util/pci.c:442: var_assign: Assigning: "pos" = "pciFindCapabilityOffset", which taints "pos". /libvirt/src/util/pci.c:444: tainted_data: Passing tainted variable "pos + 3" to a tainted sink. /libvirt/src/util/pci.c:236: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead". /libvirt/src/util/pci.c:214: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek". Error: TAINTED_SCALAR: /libvirt/src/util/pci.c:733: tainted_data_return: Function "pciFindCapabilityOffset" returns tainted data. /libvirt/src/util/pci.c:381: tainted_data_return: Function "pciRead8" returning tainted data. /libvirt/src/util/pci.c:228: tainted_data_argument: Function "pciRead" taints argument "buf". /libvirt/src/util/pci.c:214: tainted_data_argument: Calling function "saferead" taints parameter "*buf". /libvirt/src/util/util.c:100: tainted_data_argument: Calling function "read" taints parameter "*buf". /libvirt/src/util/pci.c:229: return_tainted_data: Returning tainted variable "buf". /libvirt/src/util/pci.c:381: var_assign: Assigning: "pos" = "pciRead8", which taints "pos". /libvirt/src/util/pci.c:373: lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64". /libvirt/src/util/pci.c:378: return_tainted_data: Returning tainted variable "pos". /libvirt/src/util/pci.c:733: var_assign: Assigning: "dev->pcie_cap_pos" = "pciFindCapabilityOffset", which taints "dev->pcie_cap_pos". /libvirt/src/util/pci.c:735: tainted_data: Passing tainted variable "dev->pcie_cap_pos" to a tainted sink. /libvirt/src/util/pci.c:431: tainted_data_sink_lv_call: Passing tainted variable "dev->pcie_cap_pos + 4U" to tainted data sink "pciRead32". /libvirt/src/util/pci.c:244: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead". /libvirt/src/util/pci.c:214: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek". Error: TAINTED_SCALAR: /libvirt/src/util/pci.c:734: tainted_data_return: Function "pciFindCapabilityOffset" returns tainted data. /libvirt/src/util/pci.c:381: tainted_data_return: Function "pciRead8" returning tainted data. /libvirt/src/util/pci.c:228: tainted_data_argument: Function "pciRead" taints argument "buf". /libvirt/src/util/pci.c:214: tainted_data_argument: Calling function "saferead" taints parameter "*buf". /libvirt/src/util/util.c:100: tainted_data_argument: Calling function "read" taints parameter "*buf". /libvirt/src/util/pci.c:229: return_tainted_data: Returning tainted variable "buf". /libvirt/src/util/pci.c:381: var_assign: Assigning: "pos" = "pciRead8", which taints "pos". /libvirt/src/util/pci.c:373: lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64". /libvirt/src/util/pci.c:378: return_tainted_data: Returning tainted variable "pos". /libvirt/src/util/pci.c:734: var_assign: Assigning: "dev->pci_pm_cap_pos" = "pciFindCapabilityOffset", which taints "dev->pci_pm_cap_pos". /libvirt/src/util/pci.c:739: tainted_data: Passing tainted variable "dev->pci_pm_cap_pos" to a tainted sink. /libvirt/src/util/pci.c:486: tainted_data_sink_lv_call: Passing tainted variable "dev->pci_pm_cap_pos + 4U" to tainted data sink "pciRead32". /libvirt/src/util/pci.c:244: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead". /libvirt/src/util/pci.c:214: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek". Error: TAINTED_SCALAR: /libvirt/src/util/pci.c:1635: tainted_data_argument: Calling function "pciInitDevice" taints argument "dev->pcie_cap_pos". /libvirt/src/util/pci.c:733: tainted_data_return: "pciFindCapabilityOffset" returns tainted data. /libvirt/src/util/pci.c:381: tainted_data_return: Function "pciRead8" returning tainted data. /libvirt/src/util/pci.c:228: tainted_data_argument: Function "pciRead" taints argument "buf". /libvirt/src/util/pci.c:214: tainted_data_argument: Calling function "saferead" taints parameter "*buf". /libvirt/src/util/util.c:100: tainted_data_argument: Calling function "read" taints parameter "*buf". /libvirt/src/util/pci.c:229: return_tainted_data: Returning tainted variable "buf". /libvirt/src/util/pci.c:381: var_assign: Assigning: "pos" = "pciRead8", which taints "pos". /libvirt/src/util/pci.c:373: lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64". /libvirt/src/util/pci.c:378: return_tainted_data: Returning tainted variable "pos". /libvirt/src/util/pci.c:733: parm_assign: Assigning: "dev->pcie_cap_pos" = "pciFindCapabilityOffset(dev, 16U)", which taints "dev->pcie_cap_pos". /libvirt/src/util/pci.c:1638: var_assign_var: Assigning: "pos" = "dev->pcie_cap_pos". Both are now tainted. /libvirt/src/util/pci.c:1642: tainted_data: Passing tainted variable "pos + 2U" to a tainted sink. /libvirt/src/util/pci.c:236: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead". /libvirt/src/util/pci.c:214: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek". Error: TAINTED_SCALAR: /libvirt/src/util/pci.c:1693: tainted_data_argument: Calling function "pciDeviceDownstreamLacksACS" taints argument "parent->pcie_cap_pos". /libvirt/src/util/pci.c:1635: tainted_data_argument: Calling function "pciInitDevice" taints parameter "dev->pcie_cap_pos". /libvirt/src/util/pci.c:733: tainted_data_return: "pciFindCapabilityOffset" returns tainted data. /libvirt/src/util/pci.c:381: tainted_data_return: Function "pciRead8" returning tainted data. /libvirt/src/util/pci.c:228: tainted_data_argument: Function "pciRead" taints argument "buf". /libvirt/src/util/pci.c:214: tainted_data_argument: Calling function "saferead" taints parameter "*buf". /libvirt/src/util/util.c:100: tainted_data_argument: Calling function "read" taints parameter "*buf". /libvirt/src/util/pci.c:229: return_tainted_data: Returning tainted variable "buf". /libvirt/src/util/pci.c:381: var_assign: Assigning: "pos" = "pciRead8", which taints "pos". /libvirt/src/util/pci.c:373: lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64". /libvirt/src/util/pci.c:378: return_tainted_data: Returning tainted variable "pos". /libvirt/src/util/pci.c:733: parm_assign: Assigning: "dev->pcie_cap_pos" = "pciFindCapabilityOffset(dev, 16U)", which taints "dev->pcie_cap_pos". /libvirt/src/util/pci.c:1693: tainted_data: Passing tainted variable "parent->pcie_cap_pos" to a tainted sink. /libvirt/src/util/pci.c:1638: var_assign_parm: Assigning: "pos" = "dev->pcie_cap_pos". "pos" is now tainted. /libvirt/src/util/pci.c:1642: tainted_data_sink_lv_call: Passing tainted variable "pos + 2U" to tainted data sink "pciRead16". /libvirt/src/util/pci.c:236: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead". /libvirt/src/util/pci.c:214: tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek". Error: TAINTED_SCALAR: /libvirt/src/qemu/qemu_driver.c:3859: tainted_data_argument: Calling function "saferead" taints argument "header". /libvirt/src/util/util.c:100: tainted_data_argument: Calling function "read" taints parameter "*buf". /libvirt/src/qemu/qemu_driver.c:3917: tainted_data: Passing tainted variable "header.xml_len" to a tainted sink. /libvirt/src/util/util.c:99: lower_bounds: Checking lower bounds of unsigned scalar "count" by "count > 0UL". /libvirt/src/util/util.c:100: tainted_data_sink_lv_call: Passing tainted variable "count" to tainted data sink "read". Error: TAINTED_SCALAR: /libvirt/src/qemu/qemu_driver.c:3859: tainted_data_argument: Calling function "saferead" taints argument "header". /libvirt/src/util/util.c:100: tainted_data_argument: Calling function "read" taints parameter "*buf". /libvirt/src/qemu/qemu_driver.c:3906: lower_bounds: Checking lower bounds of unsigned scalar "header.xml_len" by "header.xml_len <= 0U". /libvirt/src/qemu/qemu_driver.c:3912: tainted_data: Passing tainted variable "header.xml_len" to a tainted sink. /libvirt/src/util/memory.c:129: tainted_data_sink_lv_call: Passing tainted variable "count" to tainted data sink "calloc". Error: TAINTED_SCALAR: /libvirt/src/uml/uml_driver.c:909: tainted_data_argument: Calling function "recvfrom" taints argument "res". /libvirt/src/uml/uml_driver.c:928: tainted_data: Passing tainted variable "res.length" to a tainted sink. Error: TAINTED_SCALAR: /libvirt/src/uml/uml_driver.c:909: tainted_data_argument: Calling function "recvfrom" taints argument "res". /libvirt/src/uml/uml_driver.c:929: var_assign_var: Compound assignment involving tainted variable "res.length - 1U" to variable "retlen" taints "retlen". /libvirt/src/uml/uml_driver.c:930: tainted_data: Using tainted variable "retlen" as an index to pointer "retdata". Error: TAINTED_STRING: /libvirt/src/util/virnetdevmacvlan.c:342: tainted_string_argument: Call to "fscanf(file, "%d", &ifindex)" taints "ifindex". /libvirt/src/util/virnetdevmacvlan.c:352: vararg_transitive: Call to "snprintf" with tainted argument "ifindex" taints "tapname". /libvirt/src/util/virnetdevmacvlan.c:362: tainted_string: Passing tainted string "tapname" to a function that cannot accept tainted data. Error: TAINTED_STRING: /libvirt/gnulib/lib/localcharset.c:135: tainted_string_return_content: "getenv" returns tainted string content. /libvirt/gnulib/lib/localcharset.c:135: var_assign: Assigning: "dir" = "getenv("CHARSETALIASDIR")", which taints "dir". /libvirt/gnulib/lib/localcharset.c:147: tainted_data_transitive: Call to function "memcpy" with tainted argument "dir" transitively taints "file_name". /libvirt/gnulib/lib/localcharset.c:147: tainted_data_transitive: Call to function "memcpy" with tainted argument "file_name" returns tainted data. /libvirt/gnulib/lib/localcharset.c:168: tainted_string: Passing tainted string "file_name" to a function that cannot accept tainted data. Error: TAINTED_STRING: /libvirt/tools/virsh.c:14270: tainted_string_return_content: "editWriteToTempFile" returns tainted string content. /libvirt/tools/virsh.c:13984: tainted_string_return_content: Function "getenv" returning tainted string content. /libvirt/tools/virsh.c:13984: var_assign: Assigning: "tmpdir" = "getenv("TMPDIR")", which taints "tmpdir". /libvirt/tools/virsh.c:13986: vararg_transitive: Call to "snprintf" with tainted argument "tmpdir" taints "ret". /libvirt/tools/virsh.c:14012: return_tainted_string: Returning tainted string "ret". /libvirt/tools/virsh.c:14270: var_assign: Assigning: "tmp" = "editWriteToTempFile(ctl, doc)", which taints "tmp". /libvirt/tools/virsh.c:14277: tainted_string: Passing tainted string "tmp" to a function that cannot accept tainted data. /libvirt/tools/virsh.c:14076: tainted_string_sink_content_lv_call: Passing tainted string "filename" to "virFileReadAll", which depends on its content. /libvirt/src/util/util.c:449: tainted_string_sink_content_lv_call: Passing tainted string "path" to "open", which depends on its content. /libvirt/tools/virsh.c:14322: tainted_string: Passing tainted string "tmp" to a function that cannot accept tainted data. Error: TAINTED_STRING: /libvirt/src/util/iohelper.c:238: var_assign_var: Assigning: "path" = "argv[1]". Both are now tainted. /libvirt/src/util/iohelper.c:264: tainted_string: Passing tainted string "path" to a function that cannot accept tainted data. /libvirt/src/util/iohelper.c:52: tainted_string_sink_content_lv_call: Passing tainted string "path" to "open", which depends on its content. Error: TOCTOU: /libvirt/src/util/util.c:1101: fs_check_call: Calling function "stat" to perform check on "path". /libvirt/src/util/util.c:1126: toctou: Calling function "mkdir" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition. Error: TOCTOU: /libvirt/src/util/cgroup.c:546: fs_check_call: Calling function "access" to perform check on "path". /libvirt/src/util/cgroup.c:547: toctou: Calling function "mkdir" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition. Error: TOCTOU: /libvirt/src/storage/storage_backend.c:1016: fs_check_call: Calling function "lstat" to perform check on "path". /libvirt/src/storage/storage_backend.c:1031: toctou: Calling function "open" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition. Error: TOCTOU: /libvirt/src/qemu/qemu_driver.c:2318: fs_check_call: Calling function "stat" to perform check on "path". /libvirt/src/qemu/qemu_driver.c:2332: toctou: Calling function "open" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition. Error: TOCTOU: /libvirt/src/util/util.c:799: fs_check_call: Calling function "stat" to perform check on "path". /libvirt/src/util/util.c:804: toctou: Calling function "chown" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition. /libvirt/src/util/util.c:811: toctou: Calling function "chmod" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition. Error: TOCTOU: /libvirt/src/locking/lock_manager.c:144: fs_check_call: Calling function "access" to perform check on "modfile". /libvirt/src/locking/lock_manager.c:151: toctou: Calling function "dlopen" that uses "modfile" after a check function. This can cause a time-of-check, time-of-use race condition. Error: TOCTOU: /libvirt/tools/virsh.c:17834: fs_check_call: Calling function "stat" to perform check on "ctl->logfile". /libvirt/tools/virsh.c:17851: toctou: Calling function "open" that uses "ctl->logfile" after a check function. This can cause a time-of-check, time-of-use race condition. Error: TOCTOU: /libvirt/src/storage/storage_backend.c:583: fs_check_call: Calling function "stat" to perform check on "vol->target.path". /libvirt/src/storage/storage_backend.c:592: toctou: Calling function "chown" that uses "vol->target.path" after a check function. This can cause a time-of-check, time-of-use race condition. Error: TOCTOU: /libvirt/src/storage/storage_backend.c:572: fs_check_call: Calling function "stat" to perform check on "vol->target.path". /libvirt/src/storage/storage_backend.c:592: toctou: Calling function "chown" that uses "vol->target.path" after a check function. This can cause a time-of-check, time-of-use race condition. /libvirt/src/storage/storage_backend.c:599: toctou: Calling function "chmod" that uses "vol->target.path" after a check function. This can cause a time-of-check, time-of-use race condition. Error: TOCTOU: /libvirt/src/util/virpidfile.c:353: fs_check_call: Calling function "stat" to perform check on "path". /libvirt/src/util/virpidfile.c:319: toctou: Calling function "open" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition. Error: TOCTOU: /libvirt/src/util/util.c:974: fs_check_call: Calling function "stat" to perform check on "path". /libvirt/src/util/util.c:1020: toctou: Calling function "mkdir" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition. Error: TOCTOU: /libvirt/src/util/util.c:1031: fs_check_call: Calling function "stat" to perform check on "path". /libvirt/src/util/util.c:1037: toctou: Calling function "chown" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition. /libvirt/src/util/util.c:1044: toctou: Calling function "chmod" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition. Error: UNINIT: /libvirt/src/util/command.c:154: var_decl: Declaring variable "sig_action" without initializer. /libvirt/src/util/command.c:234: uninit_use_in_call: Using uninitialized value "sig_action": field "sig_action".sa_restorer is uninitialized when calling "sigaction". Error: UNINIT: /libvirt/tools/virsh.c:608: var_decl: Declaring variable "sig_action" without initializer. /libvirt/tools/virsh.c:614: uninit_use_in_call: Using uninitialized value "sig_action": field "sig_action".sa_restorer is uninitialized when calling "sigaction". Error: UNINIT: /libvirt/tools/virsh.c:6429: var_decl: Declaring variable "sig_action" without initializer. /libvirt/tools/virsh.c:6446: uninit_use_in_call: Using uninitialized value "sig_action": field "sig_action".sa_restorer is uninitialized when calling "sigaction". Error: UNINIT: /libvirt/src/rpc/virnetserver.c:283: var_decl: Declaring variable "sig_action" without initializer. /libvirt/src/rpc/virnetserver.c:297: uninit_use_in_call: Using uninitialized value "sig_action": field "sig_action".sa_restorer is uninitialized when calling "sigaction". Error: UNUSED_VALUE: /libvirt/tools/virsh.c:8505: returned_pointer: Pointer "br_node" returned by "virXPathNode("./bridge", ctxt)" is never used. Error: UNUSED_VALUE: /libvirt/tools/virsh.c:8510: returned_pointer: Pointer "if_node" returned by "virXPathNode("./bridge/interface[2]", ctxt)" is never used.
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list