Re: [PATCH] util: fix crash when starting macvtap interfaces

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/26/2012 02:57 PM, Laine Stump wrote:
On 04/26/2012 02:12 AM, Alex Jia wrote:
On 04/26/2012 04:46 AM, Eric Blake wrote:
On 04/25/2012 02:01 PM, Laine Stump wrote:
This patch resolves https://bugzilla.redhat.com/show_bug.cgi?id=815270

The function virNetDevMacVLanVPortProfileRegisterCallback() takes an
arg "virtPortProfile", and was checking it for non-NULL before using
it. However, the prototype for
virNetDevMacVLanPortProfileRegisterCallback had marked that arg with
ATTRIBUTE_NONNULL(). Contrary to what one may think,
ATTRIBUTE_NONNULL() does not provide any guarantee that an arg marked
as such really is always non-null; the only effect to the code
generated by gcc, is that gcc *assumes* it is non-NULL; this results
in, for example, the check for a non-NULL value being optimized out.

(Unfortunately, this code removal only occurs when optimization is
enabled, and I am in the habit of doing local builds with optimization
off to ease debugging, so the bug didn't show up in my earlier local
testing).

In general, virPortProfile might always be NULL, so it shouldn't be
marked as ATTRIBUTE_NONNULL. One other function prototype made this
same error, so this patch fixes it as well.
Might be worth linking to
  http://gcc.gnu.org/bugzilla/show_bug.cgi?id=17308

---
  src/util/virnetdevmacvlan.h |    4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
ACK.  What an insidious bug.

As Laine and I discussed on IRC, I'm half wondering if we should just do:

#ifdef STATIC_ANALYSIS&&  /* attributes supported */
# define ATTRIBUTE_NONNULL(n) __attribute__((__nonnull__(n)))
#else
# define ATTRIBUTE_NONNULL(n) /* empty, due to gcc lameness */
#endif

so that our code will be pessimized under normal compiles, but _at
least_ places where we have bugs with improper use of the attribute
won't cause gcc to miscompile things; but still let us get NULL checking
when running clang or Coverity.

I also wonder if this has been detected by Coverity (checking a nonnull
parameter for NULL is dead code, which Coverity does tend to flag), and
we just haven't been following Coverity closely enough to notice.
Eric, I ran Coverity on current commit 'f78024b util: fix crash when
starting macvtap interfaces',
Coverity hasn't complain this issue, although I also enabled
'--security' checkers in Coverity.
The interesting run would be *before* this commit.
I reran coverity on commit 'bae1312 build: fix bootstrap on RHEL', however,
Coverity hasn't also complain the issue, for details, please refer to attachment.
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

Error: ATOMICITY:
/libvirt/src/util/event_poll.c:603:
lock: Locking "eventLoop.lock.lock".
/libvirt/src/util/event_poll.c:610:
def: Assigning: "fds" = data that might be protected by the lock.
/libvirt/src/util/event_poll.c:614:
unlock: Unlocking "eventLoop.lock.lock". "fds" might now be unreliable because other threads can now change the data that it depends on.
/libvirt/src/util/event_poll.c:632:
lockagain: Locking "eventLoop.lock.lock" again.
/libvirt/src/util/event_poll.c:636:
use: Using an unreliable value of "fds" inside the second locked section.  If the data that "fds" depends on was changed by another thread, this use might be incorrect.

Error: ATOMICITY:
/libvirt/src/rpc/virnetclientstream.c:386:
lock: Locking "st->lock.lock".
/libvirt/src/rpc/virnetclientstream.c:397:
def: Assigning: "msg" = data that might be protected by the lock.
/libvirt/src/rpc/virnetclientstream.c:410:
unlock: Unlocking "st->lock.lock". "msg" might now be unreliable because other threads can now change the data that it depends on.
/libvirt/src/rpc/virnetclientstream.c:412:
lockagain: Locking "st->lock.lock" again.
/libvirt/src/rpc/virnetclientstream.c:413:
use: Using an unreliable value of "msg" inside the second locked section.  If the data that "msg" depends on was changed by another thread, this use might be incorrect.

Error: ATOMICITY:
/libvirt/src/util/threadpool.c:95:
lock: Locking "pool->mutex.lock".
/libvirt/src/util/threadpool.c:129:
def: Assigning: "pool->jobList.firstPrio" = data that might be protected by the lock.
/libvirt/src/util/threadpool.c:143:
unlock: Unlocking "pool->mutex.lock". "pool->jobList.firstPrio" might now be unreliable because other threads can now change the data that it depends on.
/libvirt/src/util/threadpool.c:146:
lockagain: Locking "pool->mutex.lock" again.
/libvirt/src/util/threadpool.c:116:
use: Using an unreliable value of "pool->jobList.firstPrio" inside the second locked section.  If the data that "pool->jobList.firstPrio" depends on was changed by another thread, this use might be incorrect.

Error: ATOMICITY:
/libvirt/src/util/threadpool.c:146:
lock: Locking "pool->mutex.lock".
/libvirt/src/util/threadpool.c:129:
def: Assigning: "pool->jobList.firstPrio" = data that might be protected by the lock.
/libvirt/src/util/threadpool.c:143:
unlock: Unlocking "pool->mutex.lock". "pool->jobList.firstPrio" might now be unreliable because other threads can now change the data that it depends on.
/libvirt/src/util/threadpool.c:146:
lockagain: Locking "pool->mutex.lock" again.
/libvirt/src/util/threadpool.c:116:
use: Using an unreliable value of "pool->jobList.firstPrio" inside the second locked section.  If the data that "pool->jobList.firstPrio" depends on was changed by another thread, this use might be incorrect.

Error: ATOMICITY:
/libvirt/src/util/threadpool.c:146:
lock: Locking "pool->mutex.lock".
/libvirt/src/util/threadpool.c:135:
def: Assigning: "pool->jobList.head" = data that might be protected by the lock.
/libvirt/src/util/threadpool.c:143:
unlock: Unlocking "pool->mutex.lock". "pool->jobList.head" might now be unreliable because other threads can now change the data that it depends on.
/libvirt/src/util/threadpool.c:146:
lockagain: Locking "pool->mutex.lock" again.
/libvirt/src/util/threadpool.c:118:
use: Using an unreliable value of "pool->jobList.head" inside the second locked section.  If the data that "pool->jobList.head" depends on was changed by another thread, this use might be incorrect.

Error: ATOMICITY:
/libvirt/src/rpc/virnetclientstream.c:96:
lock: Locking "st->lock.lock".
/libvirt/src/rpc/virnetclientstream.c:109:
def: Assigning: "cbOpaque" = data that might be protected by the lock.
/libvirt/src/rpc/virnetclientstream.c:113:
unlock: Unlocking "st->lock.lock". "cbOpaque" might now be unreliable because other threads can now change the data that it depends on.
/libvirt/src/rpc/virnetclientstream.c:115:
lockagain: Locking "st->lock.lock" again.
/libvirt/src/rpc/virnetclientstream.c:119:
use: Using an unreliable value of "cbOpaque" inside the second locked section.  If the data that "cbOpaque" depends on was changed by another thread, this use might be incorrect.

Error: ATOMICITY:
/libvirt/src/fdstream.c:159:
lock: Locking "fdst->lock.lock".
/libvirt/src/fdstream.c:166:
def: Assigning: "cbopaque" = data that might be protected by the lock.
/libvirt/src/fdstream.c:169:
unlock: Unlocking "fdst->lock.lock". "cbopaque" might now be unreliable because other threads can now change the data that it depends on.
/libvirt/src/fdstream.c:173:
lockagain: Locking "fdst->lock.lock" again.
/libvirt/src/fdstream.c:176:
use: Using an unreliable value of "cbopaque" inside the second locked section.  If the data that "cbopaque" depends on was changed by another thread, this use might be incorrect.

Error: CHECKED_RETURN:
/libvirt/src/qemu/qemu_hostdev.c:104:
example_checked: "pciDeviceListAdd(list, activeDev)" has its value checked in "pciDeviceListAdd(list, activeDev) < 0".
/libvirt/src/qemu/qemu_hostdev.c:61:
example_checked: "pciDeviceListAdd(list, dev)" has its value checked in "pciDeviceListAdd(list, dev) < 0".
/libvirt/src/qemu/qemu_hostdev.c:463:
example_checked: "pciDeviceListAdd(driver->activePciHostdevs, dev)" has its value checked in "pciDeviceListAdd(driver->activePciHostdevs, dev) < 0".
/libvirt/src/qemu/qemu_hostdev.c:151:
example_checked: "pciDeviceListAdd(driver->activePciHostdevs, dev)" has its value checked in "pciDeviceListAdd(driver->activePciHostdevs, dev) < 0".
/libvirt/src/util/pci.c:1137:
example_checked: "pciDeviceListAdd(inactiveDevs, dev)" has its value checked in "pciDeviceListAdd(inactiveDevs, dev) < 0".
/libvirt/src/qemu/qemu_hostdev.c:703:
check_return: Calling function "pciDeviceListAdd" without checking return value (as is done elsewhere 5 out of 6 times).
/libvirt/src/qemu/qemu_hostdev.c:703:
unchecked_value: No check of the return value of "pciDeviceListAdd(driver->inactivePciHostdevs, dev)".

Error: CHECKED_RETURN:
/libvirt/daemon/libvirtd-config.c:213:
example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0".
/libvirt/daemon/libvirtd-config.c:303:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd-config.c:309:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:247:
example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0".
/libvirt/daemon/libvirtd.c:591:
example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1".
/libvirt/src/conf/network_conf.c:595:
check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 515 out of 543 times).
/libvirt/src/conf/network_conf.c:595:
unchecked_value: No check of the return value of "virAsprintf(&name, dcgettext("libvirt", "Service name is too long, limit is %d bytes", 5), 482)".

Error: CHECKED_RETURN:
/libvirt/daemon/libvirtd-config.c:213:
example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0".
/libvirt/daemon/libvirtd-config.c:303:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd-config.c:309:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:247:
example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0".
/libvirt/daemon/libvirtd.c:591:
example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1".
/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2891:
check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 515 out of 543 times).
/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2891:
unchecked_value: No check of the return value of "virAsprintf(&protostr, "-d 01:80:c2:00:00:00 ")".

Error: CHECKED_RETURN:
/libvirt/daemon/libvirtd-config.c:213:
example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0".
/libvirt/daemon/libvirtd-config.c:303:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd-config.c:309:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:247:
example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0".
/libvirt/daemon/libvirtd.c:591:
example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1".
/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2894:
check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 515 out of 543 times).
/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2894:
unchecked_value: No check of the return value of "virAsprintf(&protostr, "-p 0x%04x ", l3_protocols[protoidx].attr)".

Error: CHECKED_RETURN:
/libvirt/daemon/libvirtd-config.c:213:
example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0".
/libvirt/daemon/libvirtd-config.c:303:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd-config.c:309:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:247:
example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0".
/libvirt/daemon/libvirtd.c:591:
example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1".
/libvirt/src/qemu/qemu_process.c:2780:
check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 515 out of 543 times).
/libvirt/src/qemu/qemu_process.c:2780:
unchecked_value: No check of the return value of "virAsprintf(&msg, "was paused (%s)", virDomainPausedReasonTypeToString(reason))".

Error: CHECKED_RETURN:
/libvirt/tools/virsh.c:4003:
example_checked: "pthread_sigmask(0, &sigmask, &oldsigmask)" has its value checked in "pthread_sigmask(0, &sigmask, &oldsigmask) < 0".
/libvirt/tools/virsh.c:3534:
example_checked: "pthread_sigmask(0, &sigmask, &oldsigmask)" has its value checked in "pthread_sigmask(0, &sigmask, &oldsigmask) < 0".
/libvirt/tools/virsh.c:7105:
example_checked: "pthread_sigmask(0, &sigmask, &oldsigmask)" has its value checked in "pthread_sigmask(0, &sigmask, &oldsigmask) < 0".
/libvirt/tools/virsh.c:3208:
example_checked: "pthread_sigmask(0, &sigmask, &oldsigmask)" has its value checked in "pthread_sigmask(0, &sigmask, &oldsigmask) < 0".
/libvirt/tools/virsh.c:7307:
check_return: Calling function "pthread_sigmask" without checking return value (as is done elsewhere 4 out of 5 times).
/libvirt/tools/virsh.c:7307:
unchecked_value: No check of the return value of "pthread_sigmask(0, &sigmask, &oldsigmask)".

Error: CHECKED_RETURN:
/libvirt/daemon/libvirtd.c:162:
example_checked: "setsid()" has its value checked in "setsid() < 0".
/libvirt/src/lxc/lxc_container.c:155:
example_checked: "setsid()" has its value checked in "setsid() < 0".
/libvirt/src/lxc/lxc_controller.c:1824:
example_checked: "setsid()" has its value checked in "setsid() < 0".
/libvirt/src/util/command.c:575:
example_checked: "setsid()" has its value checked in "setsid() < 0".
/libvirt/tests/commandtest.c:809:
check_return: Calling function "setsid" without checking return value (as is done elsewhere 4 out of 5 times).
/libvirt/tests/commandtest.c:809:
unchecked_value: No check of the return value of "setsid()".

Error: CHECKED_RETURN:
/libvirt/daemon/libvirtd.c:830:
example_checked: "virInitialize()" has its value checked in "virInitialize() < 0".
/libvirt/python/libvirt-override.c:5728:
example_checked: "virInitialize()" has its value checked in "virInitialize() < 0".
/libvirt/python/libvirt-qemu-override.c:109:
example_checked: "virInitialize()" has its value checked in "virInitialize() < 0".
/libvirt/src/libvirt.c:675:
example_checked: "virInitialize()" has its value checked in "virInitialize() < 0".
/libvirt/src/libvirt.c:741:
example_checked: "virInitialize()" has its value checked in "virInitialize() < 0".
/libvirt/tests/commandtest.c:833:
check_return: Calling function "virInitialize" without checking return value (as is done elsewhere 18 out of 21 times).
/libvirt/tests/commandtest.c:833:
unchecked_value: No check of the return value of "virInitialize()".

Error: CHECKED_RETURN:
/libvirt/tests/cputest.c:475:
example_checked: "virTestGetDebug()" has its value checked in "virTestGetDebug()".
/libvirt/tests/jsontest.c:34:
example_checked: "virTestGetDebug()" has its value checked in "virTestGetDebug()".
/libvirt/tests/jsontest.c:44:
example_checked: "virTestGetDebug()" has its value checked in "virTestGetDebug()".
/libvirt/tests/nodeinfotest.c:52:
example_checked: "virTestGetDebug()" has its value checked in "virTestGetDebug()".
/libvirt/tests/qemuhelptest.c:84:
example_checked: "virTestGetDebug()" has its value checked in "virTestGetDebug()".
/libvirt/tests/commandtest.c:830:
check_return: Calling function "virTestGetDebug" without checking return value (as is done elsewhere 30 out of 33 times).
/libvirt/tests/commandtest.c:830:
unchecked_value: No check of the return value of "virTestGetDebug()".

Error: CHECKED_RETURN:
/libvirt/tests/cputest.c:174:
example_checked: "virTestGetVerbose()" has its value checked in "virTestGetVerbose()".
/libvirt/tests/cputest.c:337:
example_checked: "virTestGetVerbose()" has its value checked in "virTestGetVerbose()".
/libvirt/tests/cputest.c:358:
example_checked: "virTestGetVerbose()" has its value checked in "virTestGetVerbose()".
/libvirt/tests/cputest.c:236:
example_checked: "virTestGetVerbose()" has its value checked in "virTestGetVerbose()".
/libvirt/tests/cputest.c:433:
example_checked: "virTestGetVerbose()" has its value checked in "virTestGetVerbose()".
/libvirt/tests/commandtest.c:831:
check_return: Calling function "virTestGetVerbose" without checking return value (as is done elsewhere 41 out of 42 times).
/libvirt/tests/commandtest.c:831:
unchecked_value: No check of the return value of "virTestGetVerbose()".

Error: CHECKED_RETURN:
/libvirt/daemon/libvirtd-config.c:213:
example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0".
/libvirt/daemon/libvirtd-config.c:303:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd-config.c:309:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:247:
example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0".
/libvirt/daemon/libvirtd.c:591:
example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1".
/libvirt/tests/xml2vmxtest.c:191:
check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 515 out of 543 times).
/libvirt/tests/xml2vmxtest.c:191:
unchecked_value: No check of the return value of "virAsprintf(&absolutePath, "/vmfs/volumes/%s/%s", datastoreName, directoryAndFileName)".

Error: CHECKED_RETURN:
/libvirt/daemon/libvirtd-config.c:213:
example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0".
/libvirt/daemon/libvirtd-config.c:303:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd-config.c:309:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:247:
example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0".
/libvirt/daemon/libvirtd.c:591:
example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1".
/libvirt/tests/networkxml2argvtest.c:133:
check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 515 out of 543 times).
/libvirt/tests/networkxml2argvtest.c:133:
unchecked_value: No check of the return value of "virAsprintf(&leasefile, "/var/lib/libvirt/dnsmasq/%s.leases", netname)".

Error: CHECKED_RETURN:
/libvirt/daemon/libvirtd.c:830:
example_checked: "virInitialize()" has its value checked in "virInitialize() < 0".
/libvirt/python/libvirt-override.c:5728:
example_checked: "virInitialize()" has its value checked in "virInitialize() < 0".
/libvirt/python/libvirt-qemu-override.c:109:
example_checked: "virInitialize()" has its value checked in "virInitialize() < 0".
/libvirt/src/libvirt.c:675:
example_checked: "virInitialize()" has its value checked in "virInitialize() < 0".
/libvirt/src/libvirt.c:741:
example_checked: "virInitialize()" has its value checked in "virInitialize() < 0".
/libvirt/tests/shunloadhelper.c:46:
check_return: Calling function "virInitialize" without checking return value (as is done elsewhere 18 out of 21 times).
/libvirt/tests/shunloadhelper.c:46:
unchecked_value: No check of the return value of "virInitialize()".

Error: CHECKED_RETURN:
/libvirt/daemon/libvirtd-config.c:213:
example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0".
/libvirt/daemon/libvirtd-config.c:303:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd-config.c:309:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:247:
example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0".
/libvirt/daemon/libvirtd.c:591:
example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1".
/libvirt/tests/vmx2xmltest.c:177:
check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 515 out of 543 times).
/libvirt/tests/vmx2xmltest.c:177:
unchecked_value: No check of the return value of "virAsprintf(&src, "[%s] %s", datastoreName, directoryAndFileName)".

Error: CHECKED_RETURN:
/libvirt/daemon/libvirtd-config.c:213:
example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0".
/libvirt/daemon/libvirtd-config.c:303:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd-config.c:309:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)".
/libvirt/daemon/libvirtd-config.c:313:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:247:
example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0".
/libvirt/daemon/libvirtd.c:591:
example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1".
/libvirt/tests/vmx2xmltest.c:186:
check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 515 out of 543 times).
/libvirt/tests/vmx2xmltest.c:186:
unchecked_value: No check of the return value of "virAsprintf(&src, "[datastore] directory/%s", fileName)".

Error: DEADCODE:
/libvirt/gnulib/lib/strerror_r.c:154:
dead_error_condition: On this path, the condition "msg" cannot be true.
/libvirt/gnulib/lib/strerror_r.c:152:
const: After this line, the value of "msg" is equal to 0.
/libvirt/gnulib/lib/strerror_r.c:152:
assignment: Assigning: "msg" = "NULL".
/libvirt/gnulib/lib/strerror_r.c:155:
dead_error_line: Execution cannot reach this statement "return safe_copy(buf, bufle...".

Error: DEADCODE:
/libvirt/gnulib/lib/strerror.c:45:
dead_error_condition: On this path, the condition "msg" cannot be true.
/libvirt/gnulib/lib/strerror.c:44:
const: After this line, the value of "msg" is equal to 0.
/libvirt/gnulib/lib/strerror.c:44:
assignment: Assigning: "msg" = "NULL".
/libvirt/gnulib/lib/strerror.c:46:
dead_error_line: Execution cannot reach this statement "return (char *)msg;".

Error: DEADCODE:
/libvirt/src/rpc/virnetclient.c:332:
dead_error_condition: On this path, the condition "ka" cannot be true.
/libvirt/src/rpc/virnetclient.c:274:
const: After this line, the value of "ka" is equal to 0.
/libvirt/src/rpc/virnetclient.c:312:
const: After this line, the value of "ka" is equal to 0.
/libvirt/src/rpc/virnetclient.c:274:
assignment: Assigning: "ka" = "NULL".
/libvirt/src/rpc/virnetclient.c:312:
new_values: Noticing condition "ka = virKeepAliveNew(-1, 0U, client, virNetClientKeepAliveSendCB, virNetClientKeepAliveDeadCB, virNetClientEventFree)".
/libvirt/src/rpc/virnetclient.c:333:
dead_error_begin: Execution cannot reach this statement "virKeepAliveStop(ka);".

Error: DEADCODE:
/libvirt/src/lxc/lxc_controller.c:960:
dead_error_condition: On this path, the condition "ret == 4" cannot be true.
/libvirt/src/lxc/lxc_controller.c:959:
at_most: After this line, the value of "ret" is at most -1.
/libvirt/src/lxc/lxc_controller.c:959:
new_values: Noticing condition "ret < 0".
/libvirt/src/lxc/lxc_controller.c:961:
dead_error_line: Execution cannot reach this statement "continue;".

Error: DEADCODE:
/libvirt/src/qemu/qemu_driver.c:8139:
dead_error_condition: On this path, the condition "group" cannot be true.
/libvirt/src/qemu/qemu_driver.c:8034:
const: After this line, the value of "group" is equal to 0.
/libvirt/src/qemu/qemu_driver.c:8034:
assignment: Assigning: "group" = "NULL".
/libvirt/src/qemu/qemu_driver.c:8140:
dead_error_line: Execution cannot reach this statement "virCgroupFree(&group);".

Error: DEADCODE:
/libvirt/tests/commandtest.c:666:
dead_error_condition: On this path, the condition "outbuf" cannot be true.
/libvirt/tests/commandtest.c:655:
const: After this line, the value of "outbuf" is equal to 0.
/libvirt/tests/commandtest.c:655:
new_values: Noticing condition "outbuf != NULL".
/libvirt/tests/commandtest.c:666:
dead_error_line: Execution cannot reach this expression "*outbuf" inside statement "if (!outbuf || *outbuf){
  ...".

Error: FORWARD_NULL:
/libvirt/src/util/command.c:1704:
var_compare_op: Comparing "cmd->errbuf" to null implies that "cmd->errbuf" might be null.
/libvirt/src/util/command.c:1761:
alias_transfer: Assigning null: "buf" = "cmd->errbuf".
/libvirt/src/util/command.c:1783:
var_deref_model: Passing null variable "buf" to function "virReallocN", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)

Error: FORWARD_NULL:
/libvirt/src/util/command.c:1697:
var_compare_op: Comparing "cmd->outbuf" to null implies that "cmd->outbuf" might be null.
/libvirt/src/util/command.c:1758:
alias_transfer: Assigning null: "buf" = "cmd->outbuf".
/libvirt/src/util/command.c:1783:
var_deref_model: Passing null variable "buf" to function "virReallocN", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)

Error: FORWARD_NULL:
/libvirt/src/remote/remote_driver.c:3006:
assign_zero: Assigning: "credname" = 0.
/libvirt/src/remote/remote_driver.c:3010:
var_deref_model: Passing null variable "credname" to function "virAuthConfigLookup", which dereferences it.
/libvirt/src/util/virauthconfig.c:162:
deref_parm_in_call: Function "virKeyFileHasValue" dereferences parameter "credname". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)

Error: FORWARD_NULL:
/libvirt/src/qemu/qemu_hotplug.c:2245:
var_compare_op: Comparing "detach->ifname" to null implies that "detach->ifname" might be null.
/libvirt/src/qemu/qemu_hotplug.c:2257:
var_deref_model: Passing null variable "detach->ifname" to function "virNetDevOpenvswitchRemovePort", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)

Error: FORWARD_NULL:
/libvirt/src/rpc/virnetserver.c:703:
var_compare_op: Comparing "srv->clients" to null implies that "srv->clients" might be null.
/libvirt/src/rpc/virnetserver.c:725:
var_deref_op: Dereferencing null variable "srv->clients".

Error: FORWARD_NULL:
/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:3597:
var_compare_op: Comparing "inst" to null implies that "inst" might be null.
/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:3604:
var_deref_op: Dereferencing null variable "inst".

Error: FORWARD_NULL:
/libvirt/src/qemu/qemu_driver.c:6574:
assign_zero: Assigning: "group" = 0.
/libvirt/src/qemu/qemu_driver.c:6668:
var_deref_model: Passing null variable "group" to function "virCgroupGetMemoryHardLimit", which dereferences it.
/libvirt/src/util/cgroup.c:1107:
deref_parm_in_call: Function "virCgroupGetValueU64" dereferences parameter "group".
/libvirt/src/util/cgroup.c:435:
deref_parm_in_call: Function "virCgroupGetValueStr" dereferences parameter "group".
/libvirt/src/util/cgroup.c:344:
deref_parm_in_call: Function "virCgroupPathOfController" dereferences parameter "group".
/libvirt/src/util/cgroup.c:281:
deref_parm: Directly dereferencing parameter "group".

Error: FORWARD_NULL:
/libvirt/tools/virsh.c:16788:
var_compare_op: Comparing "from" to null implies that "from" might be null.
/libvirt/tools/virsh.c:16789:
var_deref_model: Passing null variable "from" to function "__coverity_strcmp", which dereferences it.

Error: LOCK:
/libvirt/src/datatypes.c:406:
lock: "virMutexLock" locks "network->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:413:
missing_unlock: Returning without unlocking "network->conn->lock.lock".

Error: LOCK:
/libvirt/src/datatypes.c:1067:
lock: "virMutexLock" locks "secret->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:1074:
missing_unlock: Returning without unlocking "secret->conn->lock.lock".

Error: LOCK:
/libvirt/src/datatypes.c:144:
lock: "virMutexLock" locks "conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:151:
missing_unlock: Returning without unlocking "conn->lock.lock".

Error: LOCK:
/libvirt/src/util/event_poll.c:441:
lock: "virMutexLock" locks "eventLoop.lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/util/event_poll.c:444:
missing_unlock: Returning without unlocking "eventLoop.lock.lock".

Error: LOCK:
/libvirt/src/datatypes.c:275:
lock: "virMutexLock" locks "domain->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:282:
missing_unlock: Returning without unlocking "domain->conn->lock.lock".

Error: LOCK:
/libvirt/src/nwfilter/nwfilter_learnipaddr.c:180:
lock: "virMutexLock" locks "ifaceLock->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/nwfilter/nwfilter_learnipaddr.c:182:
missing_unlock: Returning without unlocking "ifaceLock->lock.lock".

Error: LOCK:
/libvirt/src/datatypes.c:1125:
lock: "virMutexLock" locks "st->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:1132:
missing_unlock: Returning without unlocking "st->conn->lock.lock".

Error: LOCK:
/libvirt/src/datatypes.c:820:
lock: "virMutexLock" locks "vol->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:827:
missing_unlock: Returning without unlocking "vol->conn->lock.lock".

Error: LOCK:
/libvirt/src/datatypes.c:1351:
lock: "virMutexLock" locks "snapshot->domain->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:1358:
missing_unlock: Returning without unlocking "snapshot->domain->conn->lock.lock".

Error: LOCK:
/libvirt/src/datatypes.c:676:
lock: "virMutexLock" locks "pool->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:683:
missing_unlock: Returning without unlocking "pool->conn->lock.lock".

Error: LOCK:
/libvirt/src/datatypes.c:938:
lock: "virMutexLock" locks "dev->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:945:
missing_unlock: Returning without unlocking "dev->conn->lock.lock".

Error: LOCK:
/libvirt/src/datatypes.c:1260:
lock: "virMutexLock" locks "nwfilter->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:1268:
missing_unlock: Returning without unlocking "nwfilter->conn->lock.lock".

Error: LOCK:
/libvirt/src/datatypes.c:542:
lock: "virMutexLock" locks "iface->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:549:
missing_unlock: Returning without unlocking "iface->conn->lock.lock".

Error: NEGATIVE_RETURNS:
/libvirt/src/util/buf.c:147:
negative_return_fn: Function "virBufferGetIndent(buf, true)" returns a negative number.
/libvirt/src/util/buf.c:89:
return_negative_constant: Explicitly returning negative value "-1".
/libvirt/src/util/buf.c:147:
var_assign: Assigning: signed variable "indent" = "virBufferGetIndent".
/libvirt/src/util/buf.c:157:
negative_returns: "indent" is passed to a parameter that cannot be negative.

Error: NEGATIVE_RETURNS:
/libvirt/src/util/command.c:1720:
var_tested_neg: Variable "infd" tests negative.
/libvirt/src/util/command.c:1799:
negative_returns: "infd" is passed to a parameter that cannot be negative.

Error: NEGATIVE_RETURNS:
/libvirt/src/conf/nwfilter_params.c:434:
var_tested_neg: Assigning: "iterIndex" = a negative value.
/libvirt/src/conf/nwfilter_params.c:473:
negative_returns: Using variable "iterIndex" as an index to array "res->iter".

Error: NO_EFFECT:
/libvirt/src/qemu/qemu_command.c:3476:
array_null: Comparing an array to null is not useful: ""com.redhat.spice.0"".

Error: NO_EFFECT:
/libvirt/src/qemu/qemu_driver.c:9594:
array_null: Comparing an array to null is not useful: ""qcow2"".

Error: NULL_RETURNS:
/libvirt/src/qemu/qemu_driver.c:9204:
example_checked: "pciDeviceListFind(driver->inactivePciHostdevs, pci)" has its value checked in "pciDeviceListFind(driver->inactivePciHostdevs, pci)".
/libvirt/src/qemu/qemu_driver.c:9234:
example_assign: Assigning: "other" = return value from "pciDeviceListFind(driver->activePciHostdevs, pci)".
/libvirt/src/qemu/qemu_driver.c:9235:
example_checked: "other" has its value checked in "other".
/libvirt/src/qemu/qemu_hostdev.c:103:
example_checked: "pciDeviceListFind(driver->activePciHostdevs, dev)" has its value checked in "activeDev = pciDeviceListFind(driver->activePciHostdevs, dev)".
/libvirt/src/qemu/qemu_hostdev.c:752:
example_assign: Assigning: "activeDev" = return value from "pciDeviceListFind(driver->activePciHostdevs, dev)".
/libvirt/src/qemu/qemu_hostdev.c:753:
example_checked: "activeDev" has its value checked in "activeDev".
/libvirt/src/qemu/qemu_hostdev.c:410:
example_checked: "pciDeviceListFind(driver->activePciHostdevs, dev)" has its value checked in "other = pciDeviceListFind(driver->activePciHostdevs, dev)".
/libvirt/src/qemu/qemu_hostdev.c:482:
returned_null: Function "pciDeviceListFind" returns null (checked 12 out of 13 times).
/libvirt/src/util/pci.c:1611:
return_null: Explicitly returning NULL.
/libvirt/src/qemu/qemu_hostdev.c:482:
var_assigned: Assigning: "activeDev" = null return value from "pciDeviceListFind".
/libvirt/src/qemu/qemu_hostdev.c:484:
dereference: Dereferencing a pointer that might be null "activeDev" when calling "pciDeviceSetUsedBy".
/libvirt/src/util/pci.c:1475:
deref_parm: Directly dereferencing parameter "dev".

Error: NULL_RETURNS:
/libvirt/src/conf/domain_conf.c:769:
example_assign: Assigning: "obj" = return value from "virHashLookup(doms->objs, uuidstr)".
/libvirt/src/conf/domain_conf.c:770:
example_checked: "obj" has its value checked in "obj".
/libvirt/src/conf/domain_conf.c:14415:
example_checked: "virHashLookup(paths, path)" has its value checked in "virHashLookup(paths, path)".
/libvirt/src/conf/domain_conf.c:13024:
example_checked: "virHashLookup(doms->objs, uuidstr)" has its value checked in "virHashLookup(doms->objs, uuidstr) != NULL".
/libvirt/src/conf/domain_conf.c:13914:
example_checked: "virHashLookup(snapshots->objs, def->name)" has its value checked in "virHashLookup(snapshots->objs, def->name) != NULL".
/libvirt/src/conf/nwfilter_params.c:606:
example_checked: "virHashLookup(table->hashTable, name)" has its value checked in "virHashLookup(table->hashTable, name)".
/libvirt/src/conf/nwfilter_params.c:390:
returned_null: Function "virHashLookup" returns null (checked 39 out of 46 times).
/libvirt/src/util/virhash.c:372:
return_null: Explicitly returning NULL.
/libvirt/src/conf/nwfilter_params.c:390:
var_assigned: Assigning: "varValue" = null return value from "virHashLookup".
/libvirt/src/conf/nwfilter_params.c:392:
dereference: Dereferencing a pointer that might be null "varValue" when calling "virNWFilterVarValueGetNthValue".
/libvirt/src/conf/nwfilter_params.c:157:
deref_parm: Directly dereferencing parameter "val".

Error: NULL_RETURNS:
/libvirt/src/conf/domain_conf.c:769:
example_assign: Assigning: "obj" = return value from "virHashLookup(doms->objs, uuidstr)".
/libvirt/src/conf/domain_conf.c:770:
example_checked: "obj" has its value checked in "obj".
/libvirt/src/conf/domain_conf.c:14415:
example_checked: "virHashLookup(paths, path)" has its value checked in "virHashLookup(paths, path)".
/libvirt/src/conf/domain_conf.c:13024:
example_checked: "virHashLookup(doms->objs, uuidstr)" has its value checked in "virHashLookup(doms->objs, uuidstr) != NULL".
/libvirt/src/conf/domain_conf.c:13914:
example_checked: "virHashLookup(snapshots->objs, def->name)" has its value checked in "virHashLookup(snapshots->objs, def->name) != NULL".
/libvirt/src/conf/nwfilter_params.c:606:
example_checked: "virHashLookup(table->hashTable, name)" has its value checked in "virHashLookup(table->hashTable, name)".
/libvirt/src/conf/nwfilter_params.c:398:
returned_null: Function "virHashLookup" returns null (checked 39 out of 46 times).
/libvirt/src/util/virhash.c:372:
return_null: Explicitly returning NULL.
/libvirt/src/conf/nwfilter_params.c:398:
var_assigned: Assigning: "tmp" = null return value from "virHashLookup".
/libvirt/src/conf/nwfilter_params.c:399:
dereference: Dereferencing a pointer that might be null "tmp" when calling "virNWFilterVarValueGetNthValue".
/libvirt/src/conf/nwfilter_params.c:157:
deref_parm: Directly dereferencing parameter "val".

Error: OVERRUN_STATIC:
/libvirt/src/qemu/qemu_command.c:152:
overrun-buffer-val: Overrunning static array "net->mac" of size 6 bytes by passing it as an argument to a function which indexes it at byte position 15.
/libvirt/src/util/virnetdevmacvlan.c:948:
access_dbuff_const: Calling "virNetDevMacVLanVPortProfileRegisterCallback" indexes array "macaddress" at byte position 15.
/libvirt/src/util/virnetdevmacvlan.c:773:
access_dbuff_const: Calling "memcpy" indexes array "macaddress" with index "16UL" at byte position 15.

Error: OVERRUN_STATIC:
/libvirt/src/qemu/qemu_migration.c:2744:
overrun-buffer-val: Overrunning static array "net->mac" of size 6 bytes by passing it as an argument to a function which indexes it at byte position 15.
/libvirt/src/util/virnetdevmacvlan.c:773:
access_dbuff_const: Calling "memcpy" indexes array "macaddress" with index "16UL" at byte position 15.

Error: OVERRUN_STATIC:
/libvirt/src/locking/lock_driver_sanlock.c:158:
overrun-buffer-arg: Overrunning static array ""__LIBVIRT__DISKS__"" of size 19 bytes by passing it to a function which indexes it with argument "48UL" at byte position 47.

Error: OVERRUN_STATIC:
/libvirt/src/qemu/qemu_driver.c:435:
overrun-buffer-val: Overrunning static array "net->mac" of size 6 bytes by passing it as an argument to a function which indexes it at byte position 15.
/libvirt/src/util/virnetdevmacvlan.c:1036:
access_dbuff_const: Calling "virNetDevMacVLanVPortProfileRegisterCallback" indexes array "macaddress" at byte position 15.
/libvirt/src/util/virnetdevmacvlan.c:773:
access_dbuff_const: Calling "memcpy" indexes array "macaddress" with index "16UL" at byte position 15.

Error: RESOURCE_LEAK:
/libvirt/src/conf/nwfilter_conf.c:363:
alloc_fn: Calling allocation function "virNWFilterVarAccessParse".
/libvirt/src/conf/nwfilter_params.c:930:
alloc_arg: "virAlloc" allocates memory that is stored into "dest".
/libvirt/src/util/memory.c:101:
alloc_fn: Storage is returned from allocation function "calloc".
/libvirt/src/util/memory.c:101:
var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
/libvirt/src/conf/nwfilter_params.c:946:
return_alloc: Returning allocated memory "dest".
/libvirt/src/conf/nwfilter_conf.c:363:
var_assign: Assigning: "varAccess" =  storage returned from "virNWFilterVarAccessParse(var)".
/libvirt/src/conf/nwfilter_conf.c:369:
noescape: Variable "varAccess" is not freed or pointed-to in function "virNWFilterVarAccessEqual".
/libvirt/src/conf/nwfilter_params.c:897:57:
noescape: "virNWFilterVarAccessEqual" does not free or save its pointer parameter "b".
/libvirt/src/conf/nwfilter_conf.c:378:
leaked_storage: Variable "varAccess" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK:
/libvirt/src/esx/esx_vi.c:1893:
alloc_arg: Calling allocation function "esxVI_ObjectSpec_Alloc" on "objectSpec".
/libvirt/src/esx/esx_vi_types.generated.c:2065:
alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr".
/libvirt/src/esx/esx_vi.c:1626:
alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr".
/libvirt/src/util/memory.c:129:
alloc_fn: Storage is returned from allocation function "calloc".
/libvirt/src/util/memory.c:129:
var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
/libvirt/src/esx/esx_vi.c:2006:
leaked_storage: Variable "objectSpec" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK:
/libvirt/src/esx/esx_vi.c:1945:
alloc_arg: Calling allocation function "esxVI_PropertySpec_Alloc" on "propertySpec".
/libvirt/src/esx/esx_vi_types.generated.c:2693:
alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr".
/libvirt/src/esx/esx_vi.c:1626:
alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr".
/libvirt/src/util/memory.c:129:
alloc_fn: Storage is returned from allocation function "calloc".
/libvirt/src/util/memory.c:129:
var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
/libvirt/src/esx/esx_vi.c:2006:
leaked_storage: Variable "propertySpec" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK:
/libvirt/src/esx/esx_vi.c:3913:
alloc_arg: Calling allocation function "esxVI_ObjectSpec_Alloc" on "objectSpec".
/libvirt/src/esx/esx_vi_types.generated.c:2065:
alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr".
/libvirt/src/esx/esx_vi.c:1626:
alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr".
/libvirt/src/util/memory.c:129:
alloc_fn: Storage is returned from allocation function "calloc".
/libvirt/src/util/memory.c:129:
var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
/libvirt/src/esx/esx_vi.c:4075:
leaked_storage: Variable "objectSpec" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK:
/libvirt/src/esx/esx_vi.c:3920:
alloc_arg: Calling allocation function "esxVI_PropertySpec_Alloc" on "propertySpec".
/libvirt/src/esx/esx_vi_types.generated.c:2693:
alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr".
/libvirt/src/esx/esx_vi.c:1626:
alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr".
/libvirt/src/util/memory.c:129:
alloc_fn: Storage is returned from allocation function "calloc".
/libvirt/src/util/memory.c:129:
var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
/libvirt/src/esx/esx_vi.c:4075:
leaked_storage: Variable "propertySpec" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK:
/libvirt/src/nodeinfo.c:631:
alloc_fn: Calling allocation function "fopen".
/libvirt/src/nodeinfo.c:631:
var_assign: Assigning: "cpuinfo" =  storage returned from "fopen("/proc/cpuinfo", "r")".
/libvirt/src/nodeinfo.c:640:
leaked_storage: Variable "cpuinfo" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK:
/libvirt/src/vmx/vmx.c:2431:
alloc_fn: Calling allocation function "calloc".
/libvirt/src/vmx/vmx.c:2431:
var_assign: Assigning: "networkName" =  storage returned from "calloc(1UL, 1UL)".
/libvirt/src/vmx/vmx.c:2495:
leaked_storage: Variable "networkName" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK:
/libvirt/src/util/virnetlink.c:338:
alloc_arg: Calling allocation function "virAlloc" on "srv".
/libvirt/src/util/memory.c:101:
alloc_fn: Storage is returned from allocation function "calloc".
/libvirt/src/util/memory.c:101:
var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
/libvirt/src/util/virnetlink.c:343:
noescape: Variable "srv" is not freed or pointed-to in function "virMutexInit".
/libvirt/src/util/threads-pthread.c:49:30:
noescape: "virMutexInit" does not free or save its pointer parameter "m".
/libvirt/src/util/virnetlink.c:404:
leaked_storage: Variable "srv" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK:
/libvirt/daemon/libvirtd.c:147:
open_fn: Calling opening function "open".
/libvirt/daemon/libvirtd.c:147:
var_assign: Assigning: "stdinfd" =  handle returned from "open("/dev/null", 0)".
/libvirt/daemon/libvirtd.c:151:
noescape: Variable "stdinfd" is not closed or saved in function "dup2".
/libvirt/daemon/libvirtd.c:168:
leaked_handle: Handle variable "stdinfd" going out of scope leaks the handle.

Error: RESOURCE_LEAK:
/libvirt/daemon/libvirtd.c:149:
open_fn: Calling opening function "open".
/libvirt/daemon/libvirtd.c:149:
var_assign: Assigning: "stdoutfd" =  handle returned from "open("/dev/null", 1)".
/libvirt/daemon/libvirtd.c:153:
noescape: Variable "stdoutfd" is not closed or saved in function "dup2".
/libvirt/daemon/libvirtd.c:155:
noescape: Variable "stdoutfd" is not closed or saved in function "dup2".
/libvirt/daemon/libvirtd.c:168:
leaked_handle: Handle variable "stdoutfd" going out of scope leaks the handle.

Error: RESOURCE_LEAK:
/libvirt/src/qemu/qemu_driver.c:6968:
alloc_fn: Calling allocation function "calloc".
/libvirt/src/qemu/qemu_driver.c:6968:
var_assign: Assigning: "nodeset" =  storage returned from "calloc(1UL, 1UL)".
/libvirt/src/qemu/qemu_driver.c:6977:
noescape: Variable "nodeset" is not freed or pointed-to in function "virTypedParameterAssign".
/libvirt/src/qemu/qemu_driver.c:6997:
leaked_storage: Variable "nodeset" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK:
/libvirt/tests/commandtest.c:821:
open_fn: Calling opening function "open".
/libvirt/tests/commandtest.c:821:
var_assign: Assigning: "fd" =  handle returned from "open("/dev/null", 0)".
/libvirt/tests/commandtest.c:821:
noescape: Variable "fd" is not closed or saved in function "dup2".
/libvirt/tests/commandtest.c:826:
leaked_handle: Handle variable "fd" going out of scope leaks the handle.

Error: RESOURCE_LEAK:
/libvirt/tests/commandtest.c:821:
open_fn: Calling opening function "open".
/libvirt/tests/commandtest.c:821:
var_assign: Assigning: "fd" =  handle returned from "open("/dev/null", 0)".
/libvirt/tests/commandtest.c:821:
noescape: Variable "fd" is not closed or saved in function "dup2".
/libvirt/tests/commandtest.c:836:
overwrite_var: Overwriting handle "fd" in call "fd = 3" leaks the handle.

Error: RESOURCE_LEAK:
/libvirt/tests/qemuxml2argvtest.c:47:
alloc_arg: Calling allocation function "virAlloc" on "ret".
/libvirt/src/util/memory.c:101:
alloc_fn: Storage is returned from allocation function "calloc".
/libvirt/src/util/memory.c:101:
var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
/libvirt/tests/qemuxml2argvtest.c:54:
leaked_storage: Variable "ret" going out of scope leaks the storage it points to.

Error: RETURN_LOCAL:
/libvirt/gnulib/lib/careadlinkat.c:99:
local_ptr_assign_local: Assigning: "buffer" = "stack_buf" (address of local variable "stack_buf").
/libvirt/gnulib/lib/careadlinkat.c:103:
local_ptr_assign_ptr: Assigning: "buf" = "buffer".
/libvirt/gnulib/lib/careadlinkat.c:150:
return_local_addr_alias: Returning pointer "buf" which points to local variable "stack_buf".

Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1880:
deref_ptr_in_call: Dereferencing pointer "machineName".
/libvirt/src/vbox/vbox_tmpl.c:1939:
check_after_deref: Dereferencing "machineName" before a null check.

Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1384:
deref_ptr_in_call: Dereferencing pointer "machineNameUtf8".
/libvirt/src/vbox/vbox_tmpl.c:1409:
check_after_deref: Dereferencing "machineNameUtf8" before a null check.

Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1384:
deref_ptr_in_call: Dereferencing pointer "machineNameUtf8".
/libvirt/src/vbox/vbox_tmpl.c:1409:
check_after_deref: Dereferencing "machineNameUtf8" before a null check.

Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1384:
deref_ptr_in_call: Dereferencing pointer "machineNameUtf8".
/libvirt/src/vbox/vbox_tmpl.c:1409:
check_after_deref: Dereferencing "machineNameUtf8" before a null check.

Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1880:
deref_ptr_in_call: Dereferencing pointer "machineName".
/libvirt/src/vbox/vbox_tmpl.c:1939:
check_after_deref: Dereferencing "machineName" before a null check.

Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1880:
deref_ptr_in_call: Dereferencing pointer "machineName".
/libvirt/src/vbox/vbox_tmpl.c:1939:
check_after_deref: Dereferencing "machineName" before a null check.

Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1384:
deref_ptr_in_call: Dereferencing pointer "machineNameUtf8".
/libvirt/src/vbox/vbox_tmpl.c:1409:
check_after_deref: Dereferencing "machineNameUtf8" before a null check.

Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1384:
deref_ptr_in_call: Dereferencing pointer "machineNameUtf8".
/libvirt/src/vbox/vbox_tmpl.c:1409:
check_after_deref: Dereferencing "machineNameUtf8" before a null check.

Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1384:
deref_ptr_in_call: Dereferencing pointer "machineNameUtf8".
/libvirt/src/vbox/vbox_tmpl.c:1409:
check_after_deref: Dereferencing "machineNameUtf8" before a null check.

Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1880:
deref_ptr_in_call: Dereferencing pointer "machineName".
/libvirt/src/vbox/vbox_tmpl.c:1939:
check_after_deref: Dereferencing "machineName" before a null check.

Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1880:
deref_ptr_in_call: Dereferencing pointer "machineName".
/libvirt/src/vbox/vbox_tmpl.c:1939:
check_after_deref: Dereferencing "machineName" before a null check.

Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1880:
deref_ptr_in_call: Dereferencing pointer "machineName".
/libvirt/src/vbox/vbox_tmpl.c:1939:
check_after_deref: Dereferencing "machineName" before a null check.

Error: SECURE_TEMP:
/libvirt/src/secret/secret_driver.c:174:
secure_temp: Calling "mkstemp" without securely setting umask first.

Error: SECURE_TEMP:
/libvirt/src/qemu/qemu_driver.c:8321:
secure_temp: Calling "mkstemp" without securely setting umask first.

Error: SECURE_TEMP:
/libvirt/src/qemu/qemu_driver.c:3217:
secure_temp: Calling "mkstemp" without securely setting umask first.

Error: SIZEOF_MISMATCH:
/libvirt/tools/virsh.c:5364:
suspicious_sizeof: Passing argument "8UL /* sizeof (cpumap) */" to function "_vshCalloc" and then casting the return value to "unsigned char *" is suspicious.

Error: STRING_NULL:
/libvirt/src/util/uuid.c:273:
string_null_argument: Function "getDMISystemUUID" does not terminate string "*dmiuuid".
/libvirt/src/util/uuid.c:241:
string_null_argument: Function "saferead" fills array "*uuid" with a non-terminated string.
/libvirt/src/util/util.c:101:
string_null_argument: Function "read" fills array "*buf" with a non-terminated string.
/libvirt/src/util/uuid.c:274:
string_null: Passing unterminated string "dmiuuid" to a function expecting a null-terminated string.
/libvirt/src/util/uuid.c:138:
var_assign_parm: Assigning: "cur" = "uuidstr". They now point to the same thing.
/libvirt/src/util/uuid.c:164:
string_null_sink_loop: Searching for null termination in an unterminated array "cur".

Error: STRING_NULL:
/libvirt/src/node_device/node_device_linux_sysfs.c:80:
string_null_argument: Function "saferead" does not terminate string "*buf".
/libvirt/src/util/util.c:101:
string_null_argument: Function "read" fills array "*buf" with a non-terminated string.
/libvirt/src/node_device/node_device_linux_sysfs.c:87:
string_null: Passing unterminated string "buf" to a function expecting a null-terminated string.

Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:359:
tainted_data_return: Function "pciRead8" returns tainted data.
/libvirt/src/util/pci.c:223:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:209:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:101:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:224:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:359:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:368:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:369:
tainted_data: Passing tainted variable "pos" to a tainted sink.
/libvirt/src/util/pci.c:223:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:209:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".
/libvirt/src/util/pci.c:376:
tainted_data: Passing tainted variable "pos + 1" to a tainted sink.
/libvirt/src/util/pci.c:223:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:209:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".

Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:368:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:369:
tainted_data: Passing tainted variable "pos" to a tainted sink.
/libvirt/src/util/pci.c:223:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:209:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".
/libvirt/src/util/pci.c:376:
tainted_data_return: Function "pciRead8" returns tainted data.
/libvirt/src/util/pci.c:223:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:209:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:101:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:224:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:376:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:376:
tainted_data: Passing tainted variable "pos + 1" to a tainted sink.
/libvirt/src/util/pci.c:223:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:209:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".

Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:368:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:368:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:369:
tainted_data: Passing tainted variable "pos" to a tainted sink.
/libvirt/src/util/pci.c:223:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:209:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".
/libvirt/src/util/pci.c:376:
tainted_data_return: Function "pciRead8" returns tainted data.
/libvirt/src/util/pci.c:223:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:209:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:101:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:224:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:376:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:376:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".

Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:437:
tainted_data_return: Function "pciFindCapabilityOffset" returns tainted data.
/libvirt/src/util/pci.c:376:
tainted_data_return: Function "pciRead8" returning tainted data.
/libvirt/src/util/pci.c:223:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:209:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:101:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:224:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:376:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:368:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:373:
return_tainted_data: Returning tainted variable "pos".
/libvirt/src/util/pci.c:437:
var_assign: Assigning: "pos" = "pciFindCapabilityOffset", which taints "pos".
/libvirt/src/util/pci.c:439:
tainted_data: Passing tainted variable "pos + 3" to a tainted sink.
/libvirt/src/util/pci.c:231:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:209:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".

Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:728:
tainted_data_return: Function "pciFindCapabilityOffset" returns tainted data.
/libvirt/src/util/pci.c:376:
tainted_data_return: Function "pciRead8" returning tainted data.
/libvirt/src/util/pci.c:223:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:209:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:101:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:224:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:376:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:368:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:373:
return_tainted_data: Returning tainted variable "pos".
/libvirt/src/util/pci.c:728:
var_assign: Assigning: "dev->pcie_cap_pos" = "pciFindCapabilityOffset", which taints "dev->pcie_cap_pos".
/libvirt/src/util/pci.c:730:
tainted_data: Passing tainted variable "dev->pcie_cap_pos" to a tainted sink.
/libvirt/src/util/pci.c:426:
tainted_data_sink_lv_call: Passing tainted variable "dev->pcie_cap_pos + 4U" to tainted data sink "pciRead32".
/libvirt/src/util/pci.c:239:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:209:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".

Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:729:
tainted_data_return: Function "pciFindCapabilityOffset" returns tainted data.
/libvirt/src/util/pci.c:376:
tainted_data_return: Function "pciRead8" returning tainted data.
/libvirt/src/util/pci.c:223:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:209:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:101:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:224:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:376:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:368:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:373:
return_tainted_data: Returning tainted variable "pos".
/libvirt/src/util/pci.c:729:
var_assign: Assigning: "dev->pci_pm_cap_pos" = "pciFindCapabilityOffset", which taints "dev->pci_pm_cap_pos".
/libvirt/src/util/pci.c:734:
tainted_data: Passing tainted variable "dev->pci_pm_cap_pos" to a tainted sink.
/libvirt/src/util/pci.c:481:
tainted_data_sink_lv_call: Passing tainted variable "dev->pci_pm_cap_pos + 4U" to tainted data sink "pciRead32".
/libvirt/src/util/pci.c:239:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:209:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".

Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:1674:
tainted_data_argument: Calling function "pciInitDevice" taints argument "dev->pcie_cap_pos".
/libvirt/src/util/pci.c:728:
tainted_data_return: "pciFindCapabilityOffset" returns tainted data.
/libvirt/src/util/pci.c:376:
tainted_data_return: Function "pciRead8" returning tainted data.
/libvirt/src/util/pci.c:223:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:209:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:101:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:224:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:376:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:368:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:373:
return_tainted_data: Returning tainted variable "pos".
/libvirt/src/util/pci.c:728:
parm_assign: Assigning: "dev->pcie_cap_pos" = "pciFindCapabilityOffset(dev, 16U)", which taints "dev->pcie_cap_pos".
/libvirt/src/util/pci.c:1677:
var_assign_var: Assigning: "pos" = "dev->pcie_cap_pos". Both are now tainted.
/libvirt/src/util/pci.c:1681:
tainted_data: Passing tainted variable "pos + 2U" to a tainted sink.
/libvirt/src/util/pci.c:231:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:209:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".

Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:1732:
tainted_data_argument: Calling function "pciDeviceDownstreamLacksACS" taints argument "parent->pcie_cap_pos".
/libvirt/src/util/pci.c:1674:
tainted_data_argument: Calling function "pciInitDevice" taints parameter "dev->pcie_cap_pos".
/libvirt/src/util/pci.c:728:
tainted_data_return: "pciFindCapabilityOffset" returns tainted data.
/libvirt/src/util/pci.c:376:
tainted_data_return: Function "pciRead8" returning tainted data.
/libvirt/src/util/pci.c:223:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:209:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:101:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:224:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:376:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:368:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:373:
return_tainted_data: Returning tainted variable "pos".
/libvirt/src/util/pci.c:728:
parm_assign: Assigning: "dev->pcie_cap_pos" = "pciFindCapabilityOffset(dev, 16U)", which taints "dev->pcie_cap_pos".
/libvirt/src/util/pci.c:1732:
tainted_data: Passing tainted variable "parent->pcie_cap_pos" to a tainted sink.
/libvirt/src/util/pci.c:1677:
var_assign_parm: Assigning: "pos" = "dev->pcie_cap_pos". "pos" is now tainted.
/libvirt/src/util/pci.c:1681:
tainted_data_sink_lv_call: Passing tainted variable "pos + 2U" to tainted data sink "pciRead16".
/libvirt/src/util/pci.c:231:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:209:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".

Error: TAINTED_SCALAR:
/libvirt/src/qemu/qemu_driver.c:3996:
tainted_data_argument: Calling function "saferead" taints argument "header".
/libvirt/src/util/util.c:101:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/qemu/qemu_driver.c:4054:
tainted_data: Passing tainted variable "header.xml_len" to a tainted sink.
/libvirt/src/util/util.c:100:
lower_bounds: Checking lower bounds of unsigned scalar "count" by "count > 0UL".
/libvirt/src/util/util.c:101:
tainted_data_sink_lv_call: Passing tainted variable "count" to tainted data sink "read".

Error: TAINTED_SCALAR:
/libvirt/src/qemu/qemu_driver.c:3996:
tainted_data_argument: Calling function "saferead" taints argument "header".
/libvirt/src/util/util.c:101:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/qemu/qemu_driver.c:4043:
lower_bounds: Checking lower bounds of unsigned scalar "header.xml_len" by "header.xml_len <= 0U".
/libvirt/src/qemu/qemu_driver.c:4049:
tainted_data: Passing tainted variable "header.xml_len" to a tainted sink.
/libvirt/src/util/memory.c:129:
tainted_data_sink_lv_call: Passing tainted variable "count" to tainted data sink "calloc".

Error: TAINTED_SCALAR:
/libvirt/src/uml/uml_driver.c:910:
tainted_data_argument: Calling function "recvfrom" taints argument "res".
/libvirt/src/uml/uml_driver.c:929:
tainted_data: Passing tainted variable "res.length" to a tainted sink.

Error: TAINTED_SCALAR:
/libvirt/src/uml/uml_driver.c:910:
tainted_data_argument: Calling function "recvfrom" taints argument "res".
/libvirt/src/uml/uml_driver.c:930:
var_assign_var: Compound assignment involving tainted variable "res.length - 1U" to variable "retlen" taints "retlen".
/libvirt/src/uml/uml_driver.c:931:
tainted_data: Using tainted variable "retlen" as an index to pointer "retdata".

Error: TAINTED_SCALAR:
/libvirt/src/util/iohelper.c:255:
tainted_data_transitive: Call to function "virStrToLong_ull" with tainted argument "argv[4]" transitively taints "offset".
/libvirt/src/util/util.c:1595:
tainted_data_transitive: Calling function "strtoull" with tainted argument "s" results in tainted data.
/libvirt/src/util/util.c:1595:
var_assign: Assigning: "val" = "strtoull(s, &p, base)", which taints "val".
/libvirt/src/util/util.c:1601:
parm_assign: Assigning: "*result" = "val", which taints "*result".
/libvirt/src/util/iohelper.c:265:
tainted_data: Passing tainted variable "offset" to a tainted sink.
/libvirt/src/util/iohelper.c:63:
tainted_data_sink_lv_call: Passing tainted variable "offset" to tainted data sink "lseek".

Error: TAINTED_STRING:
/libvirt/src/util/virnetdevmacvlan.c:328:
tainted_string_argument: Call to "fscanf(file, "%d", &ifindex)" taints "ifindex".
/libvirt/src/util/virnetdevmacvlan.c:338:
vararg_transitive: Call to "snprintf" with tainted argument "ifindex" taints "tapname".
/libvirt/src/util/virnetdevmacvlan.c:348:
tainted_string: Passing tainted string "tapname" to a function that cannot accept tainted data.

Error: TAINTED_STRING:
/libvirt/gnulib/lib/localcharset.c:132:
tainted_string_return_content: "getenv" returns tainted string content.
/libvirt/gnulib/lib/localcharset.c:132:
var_assign: Assigning: "dir" = "getenv("CHARSETALIASDIR")", which taints "dir".
/libvirt/gnulib/lib/localcharset.c:144:
tainted_data_transitive: Call to function "memcpy" with tainted argument "dir" transitively taints "file_name".
/libvirt/gnulib/lib/localcharset.c:144:
tainted_data_transitive: Call to function "memcpy" with tainted argument "file_name" returns tainted data.
/libvirt/gnulib/lib/localcharset.c:165:
tainted_string: Passing tainted string "file_name" to a function that cannot accept tainted data.

Error: TAINTED_STRING:
/libvirt/src/util/iohelper.c:239:
var_assign_var: Assigning: "path" = "argv[1]". Both are now tainted.
/libvirt/src/util/iohelper.c:265:
tainted_string: Passing tainted string "path" to a function that cannot accept tainted data.
/libvirt/src/util/iohelper.c:53:
tainted_string_sink_content_lv_call: Passing tainted string "path" to "open", which depends on its content.

Error: TOCTOU:
/libvirt/src/util/util.c:1242:
fs_check_call: Calling function "stat" to perform check on "path".
/libvirt/src/util/util.c:1267:
toctou: Calling function "mkdir" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: TOCTOU:
/libvirt/src/util/cgroup.c:547:
fs_check_call: Calling function "access" to perform check on "path".
/libvirt/src/util/cgroup.c:548:
toctou: Calling function "mkdir" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: TOCTOU:
/libvirt/src/storage/storage_backend.c:1009:
fs_check_call: Calling function "lstat" to perform check on "path".
/libvirt/src/storage/storage_backend.c:1024:
toctou: Calling function "open" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: TOCTOU:
/libvirt/src/qemu/qemu_driver.c:2455:
fs_check_call: Calling function "stat" to perform check on "path".
/libvirt/src/qemu/qemu_driver.c:2469:
toctou: Calling function "open" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: TOCTOU:
/libvirt/src/util/util.c:1083:
fs_check_call: Calling function "stat" to perform check on "path".
/libvirt/src/util/util.c:1088:
toctou: Calling function "chown" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.
/libvirt/src/util/util.c:1095:
toctou: Calling function "chmod" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: TOCTOU:
/libvirt/src/locking/lock_manager.c:144:
fs_check_call: Calling function "access" to perform check on "modfile".
/libvirt/src/locking/lock_manager.c:151:
toctou: Calling function "dlopen" that uses "modfile" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: TOCTOU:
/libvirt/src/qemu/qemu_driver.c:10012:
fs_check_call: Calling function "stat" to perform check on "disk->src".
/libvirt/src/qemu/qemu_driver.c:10012:
toctou: Calling function "unlink" that uses "disk->src" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: TOCTOU:
/libvirt/tools/virsh.c:19606:
fs_check_call: Calling function "stat" to perform check on "ctl->logfile".
/libvirt/tools/virsh.c:19623:
toctou: Calling function "open" that uses "ctl->logfile" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: TOCTOU:
/libvirt/src/util/util.c:1115:
fs_check_call: Calling function "stat" to perform check on "path".
/libvirt/src/util/util.c:1161:
toctou: Calling function "mkdir" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: TOCTOU:
/libvirt/src/util/util.c:1172:
fs_check_call: Calling function "stat" to perform check on "path".
/libvirt/src/util/util.c:1178:
toctou: Calling function "chown" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.
/libvirt/src/util/util.c:1185:
toctou: Calling function "chmod" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: TOCTOU:
/libvirt/src/util/virpidfile.c:367:
fs_check_call: Calling function "stat" to perform check on "path".
/libvirt/src/util/virpidfile.c:333:
toctou: Calling function "open" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: TOCTOU:
/libvirt/src/storage/storage_backend.c:576:
fs_check_call: Calling function "stat" to perform check on "vol->target.path".
/libvirt/src/storage/storage_backend.c:585:
toctou: Calling function "chown" that uses "vol->target.path" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: TOCTOU:
/libvirt/src/storage/storage_backend.c:565:
fs_check_call: Calling function "stat" to perform check on "vol->target.path".
/libvirt/src/storage/storage_backend.c:585:
toctou: Calling function "chown" that uses "vol->target.path" after a check function. This can cause a time-of-check, time-of-use race condition.
/libvirt/src/storage/storage_backend.c:592:
toctou: Calling function "chmod" that uses "vol->target.path" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: TOCTOU:
/libvirt/src/locking/lock_driver_sanlock.c:545:
fs_check_call: Calling function "stat" to perform check on "res->disks[0].path".
/libvirt/src/locking/lock_driver_sanlock.c:547:
toctou: Calling function "open" that uses "res->disks[0].path" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: TOCTOU:
/libvirt/src/locking/lock_driver_sanlock.c:172:
fs_check_call: Calling function "stat" to perform check on "path".
/libvirt/src/locking/lock_driver_sanlock.c:174:
toctou: Calling function "open" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.
/libvirt/src/locking/lock_driver_sanlock.c:253:
toctou: Calling function "unlink" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.

Error: UNINIT:
/libvirt/src/util/command.c:247:
var_decl: Declaring variable "sig_action" without initializer.
/libvirt/src/util/command.c:327:
uninit_use_in_call: Using uninitialized value "sig_action": field "sig_action".sa_restorer is uninitialized when calling "sigaction".

Error: UNINIT:
/libvirt/src/lxc/lxc_driver.c:1412:
var_decl: Declaring variable "fd" without initializer.
/libvirt/src/lxc/lxc_driver.c:1460:
uninit_use_in_call: Using uninitialized value "fd" when calling "virFileClose".
/libvirt/src/util/virfile.c:50:
read_parm: Reading a parameter value.

Error: UNINIT:
/libvirt/tools/virsh.c:620:
var_decl: Declaring variable "sig_action" without initializer.
/libvirt/tools/virsh.c:626:
uninit_use_in_call: Using uninitialized value "sig_action": field "sig_action".sa_restorer is uninitialized when calling "sigaction".

Error: UNINIT:
/libvirt/src/lxc/lxc_controller.c:1104:
var_decl: Declaring variable "consoles" without initializer.
/libvirt/src/lxc/lxc_controller.c:1237:
uninit_use: Using uninitialized value "consoles".

Error: UNINIT:
/libvirt/tools/virsh.c:7243:
var_decl: Declaring variable "sig_action" without initializer.
/libvirt/tools/virsh.c:7260:
uninit_use_in_call: Using uninitialized value "sig_action": field "sig_action".sa_restorer is uninitialized when calling "sigaction".

Error: UNINIT:
/libvirt/tools/virsh.c:7628:
var_decl: Declaring variable "sig_action" without initializer.
/libvirt/tools/virsh.c:7666:
uninit_use_in_call: Using uninitialized value "sig_action": field "sig_action".sa_restorer is uninitialized when calling "sigaction".

Error: UNINIT:
/libvirt/tools/virsh.c:7775:
var_decl: Declaring variable "sig_action" without initializer.
/libvirt/tools/virsh.c:7809:
uninit_use_in_call: Using uninitialized value "sig_action": field "sig_action".sa_restorer is uninitialized when calling "sigaction".

Error: UNUSED_VALUE:
/libvirt/tools/virsh.c:9659:
returned_pointer: Pointer "br_node" returned by "virXPathNode("./bridge", ctxt)" is never used.

Error: UNUSED_VALUE:
/libvirt/tools/virsh.c:9664:
returned_pointer: Pointer "if_node" returned by "virXPathNode("./bridge/interface[2]", ctxt)" is never used.
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]