Re: [Xen-devel] False positive coverity bug id: 1351218
On 18/02/16 15:36, Harmandeep Kaur wrote:
> This is about a Coverity bug (included in the end), which I think is
> a false positive. I don't think pagesize can be zero in any case.
> pagesize = 1 << (((flags >> TMEM_POOL_PAGESIZE_SHIFT) &
> TMEM_POOL_PAGESIZE_MASK) + 12);
>
> Which means "pagesize > bufsize" will always be true and buf can
> not be null in any case if it reaches line 464 (or call may terminate
> if realloc(..) returns NULL).

I would agree that given the "1 <<", pagesize will always be larger than 0, and therefore call realloc().

However, every iteration of the "while ( read_exact(io_fd, &pool_id, sizeof(pool_id)) == 0 && pool_id != -1 )" loop leaks buf, as do most of the error paths.

This function is currently orphaned code (since Xen 4.6), and in need of some re-development before it can be used again. I wouldn't worry too much about fixing it up.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
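The two points in the reply above (pagesize is never zero, but the per-iteration buffer leaks), shown as an added sketch that is not code from the Xen tree or from either poster. The macro values, the simplified loop shape, and the names `restore_leaky`, `restore_fixed`, `live_bufs` and `leaked_after` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Assumed values for this sketch; the thread only names the macros. */
#define TMEM_POOL_PAGESIZE_SHIFT 4
#define TMEM_POOL_PAGESIZE_MASK  0xf
static int live_bufs; /* demo counter: buffers allocated and not freed */
/* Expression from the thread: "1 <<" makes the result at least 4096. */
static size_t pool_pagesize(uint32_t flags) {
    return (size_t)1 << (((flags >> TMEM_POOL_PAGESIZE_SHIFT) &
                          TMEM_POOL_PAGESIZE_MASK) + 12);
}
/* Leaky shape: buf is scoped to the loop body and never freed. */
static int restore_leaky(const uint32_t *flags, size_t n) {
    for (size_t i = 0; i < n; i++) {
        char *buf = NULL;
        size_t bufsize = 0, pagesize = pool_pagesize(flags[i]);
        if (pagesize > bufsize) { /* always true: bufsize is 0 */
            if ((buf = realloc(buf, pagesize)) == NULL) return -1;
            live_bufs++;
        }
        buf[0] = 0; /* stand-in for restoring one pool through buf */
    }
    return 0;
}
/* Fixed shape: one buffer reused across pools, freed on every exit. */
static int restore_fixed(const uint32_t *flags, size_t n) {
    char *buf = NULL, *tmp;
    size_t bufsize = 0, i;
    for (i = 0; i < n; i++) {
        size_t pagesize = pool_pagesize(flags[i]);
        if (pagesize > bufsize) {
            if ((tmp = realloc(buf, pagesize)) == NULL) break;
            live_bufs += (buf == NULL); /* count the first allocation only */
            buf = tmp; bufsize = pagesize;
        }
        buf[0] = 0;
    }
    if (buf != NULL) { free(buf); live_bufs--; }
    return i == n ? 0 : -1; /* early break means realloc failed */
}
/* Run one variant over constructed flags; return buffers still live. */
static int leaked_after(int use_fixed) {
    const uint32_t flags[] = { 0x00, 0x10, 0x00 }; /* 4 KiB, 8 KiB, 4 KiB */
    live_bufs = 0;
    (use_fixed ? restore_fixed : restore_leaky)(flags, 3);
    return live_bufs;
}
int main(void) {
    printf("leaky=%d fixed=%d\n", leaked_after(0), leaked_after(1));
    return 0;
}
```

Assigning realloc()'s result to a temporary in the fixed variant also keeps the old buffer reachable when the call fails, so the error path can free it.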