* [Qemu-devel] [PATCH 0/6] fix some coverity complaints
From: Gonglei @ 2016-03-03  9:43 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-trivial, pbonzini, Gonglei


Gonglei (6):
  egl-helpers: fix possible resource leak
  sheepdog: fix possible resource leak and out-of-bounds access
  spice: fix coverity complaints
  hostmem-file: fix memory leak
  spapr: fix possible Negative array index read
  smbus: fix memory leak

 backends/hostmem-file.c | 5 ++++-
 block/sheepdog.c        | 9 ++++++---
 hw/i2c/smbus_eeprom.c   | 2 ++
 hw/ppc/spapr.c          | 4 ++++
 ui/egl-helpers.c        | 9 +++------
 ui/spice-display.c      | 4 +---
 6 files changed, 20 insertions(+), 13 deletions(-)

-- 
1.8.5.2


* [Qemu-devel] [PATCH 1/6] egl-helpers: fix possible resource leak
From: Gonglei @ 2016-03-03  9:43 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-trivial, pbonzini, Gonglei

CID 1352419, using g_strdup_printf instead of asprintf.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
---
 ui/egl-helpers.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/ui/egl-helpers.c b/ui/egl-helpers.c
index 54be44c..2da1930 100644
--- a/ui/egl-helpers.c
+++ b/ui/egl-helpers.c
@@ -50,18 +50,15 @@ int qemu_egl_rendernode_open(void)
             continue;
         }
 
-        r = asprintf(&p, "/dev/dri/%s", e->d_name);
-        if (r < 0) {
-            return -1;
-        }
+        p = g_strdup_printf("/dev/dri/%s", e->d_name);
 
         r = open(p, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK);
         if (r < 0) {
-            free(p);
+            g_free(p);
             continue;
         }
         fd = r;
-        free(p);
+        g_free(p);
         break;
     }
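Review bot: the commit message says "resource leak" but the hunk does not show what leaked; the only visible effect of the change is that the early `return -1` inside the loop disappears along with the asprintf failure branch, so the message should say which resource that return path left unreleased. It is also worth one sentence that g_strdup_printf cannot return NULL (it aborts on allocation failure), which is why the `if (r < 0)` check can be dropped without a replacement check on `p`.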
 
-- 
1.8.5.2


* [Qemu-devel] [PATCH 2/6] sheepdog: fix possible resource leak and out-of-bounds access
From: Gonglei @ 2016-03-03  9:43 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-trivial, pbonzini, Gonglei

CID 1352418 (#1 of 1): Out-of-bounds access (INCOMPATIBLE_CAST)
incompatible_cast: Pointer &snap_id points to an object whose effective
type is unsigned int (32 bits, unsigned) but is dereferenced as a wider
unsigned long (64 bits, unsigned). This may lead to memory corruption.

We also need to free local_err when ret is not equal to 0.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
---
 block/sheepdog.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/block/sheepdog.c b/block/sheepdog.c
index 8739acc..3d81bba 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -2543,7 +2543,7 @@ static int sd_snapshot_delete(BlockDriverState *bs,
                               const char *name,
                               Error **errp)
 {
-    uint32_t snap_id = 0;
+    unsigned long snap_id = 0;
     char snap_tag[SD_MAX_VDI_TAG_LEN];
     Error *local_err = NULL;
     int fd, ret;
@@ -2565,20 +2565,23 @@ static int sd_snapshot_delete(BlockDriverState *bs,
     memset(buf, 0, sizeof(buf));
     memset(snap_tag, 0, sizeof(snap_tag));
     pstrcpy(buf, SD_MAX_VDI_LEN, s->name);
-    if (qemu_strtoul(snapshot_id, NULL, 10, (unsigned long *)&snap_id)) {
+    if (qemu_strtoul(snapshot_id, NULL, 10, &snap_id)) {
         return -1;
     }
 
     if (snap_id) {
+        assert(snap_id <= UINT_MAX);
+
         hdr.snapid = snap_id;
     } else {
         pstrcpy(snap_tag, sizeof(snap_tag), snapshot_id);
         pstrcpy(buf + SD_MAX_VDI_LEN, SD_MAX_VDI_TAG_LEN, snap_tag);
     }
 
-    ret = find_vdi_name(s, s->name, snap_id, snap_tag, &vid, true,
+    ret = find_vdi_name(s, s->name, hdr.snapid, snap_tag, &vid, true,
                         &local_err);
     if (ret) {
+        error_report_err(local_err);
         return ret;
     }
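Review bot: `assert(snap_id <= UINT_MAX)` turns a caller-supplied snapshot id that does not fit the 32-bit hdr.snapid into an abort of the whole process; a value parsed from a string is input, not an invariant, so it should fail the same way the `qemu_strtoul` error path two lines above does, with `return -1` (or an error set on errp). Second, the function receives `Error **errp` (visible in the first hunk) yet calls find_vdi_name with `&local_err` and then error_report_err(local_err); passing errp straight through removes the leak and the local variable at once. Finally, the call now reads hdr.snapid in both branches while the else branch never assigns it, so confirm hdr is zero-initialised before this point (the memsets shown cover only buf and snap_tag).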
 
-- 
1.8.5.2
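The range check the patch above performs with assert, written instead as a failing return, as an added example that is not part of Gonglei's patch or of QEMU's sheepdog code: the parser reads into a full-width unsigned long (no cast of a 32-bit object's address, which is the INCOMPATIBLE_CAST Coverity flagged), then refuses anything that would not fit a 32-bit field. The function names parse_snapshot_id and parse_snapshot_id_ll and the sample inputs are my own, not QEMU identifiers.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Parse a decimal snapshot id supplied by the user into a 32-bit field.
 * Two things are done here that the patch under review only half does:
 *   - strtoul writes a whole unsigned long, so it gets a variable of that
 *     width (never "(unsigned long *)&some_uint32", which overruns it);
 *   - a value that does not fit the 32-bit field is bad input, so it is
 *     reported as -1 instead of being turned into an assert() abort.
 * Returns 0 and stores the id on success, -1 on any parse or range error.
 * (Hypothetical helper, not QEMU code.)
 */
int parse_snapshot_id(const char *s, uint32_t *out)
{
    char *end;
    unsigned long v;

    /* NULL, empty, sign or whitespace prefixes are rejected up front:
     * strtoul would otherwise accept "-1" and silently wrap it. */
    if (s == NULL || !isdigit((unsigned char)*s)) {
        return -1;
    }
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno == ERANGE || *end != '\0') {
        return -1;      /* overflowed unsigned long, or trailing junk ("12x") */
    }
    if (v > UINT32_MAX) {
        return -1;      /* fits unsigned long but not the 32-bit field */
    }
    *out = (uint32_t)v; /* the only narrowing, and it is now range-checked */
    return 0;
}

/* Convenience wrapper: the parsed id as a long long, or -1 on failure. */
long long parse_snapshot_id_ll(const char *s)
{
    uint32_t id = 0;
    return parse_snapshot_id(s, &id) == 0 ? (long long)id : -1LL;
}

int main(void)
{
    /* Constructed sample inputs, including the boundary and overflow cases. */
    const char *samples[] = { "42", "4294967295", "4294967296", "-1", "12x", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-11s -> %lld\n", samples[i], parse_snapshot_id_ll(samples[i]));
    }
    return 0;
}
```

On an LP64 host "4294967296" parses fine as an unsigned long and is rejected only by the explicit range check; on a 32-bit host strtoul itself reports ERANGE for it. Either way the caller gets -1 rather than a truncated id or an abort.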


* [Qemu-devel] [PATCH 3/6] spice: fix coverity complaints
From: Gonglei @ 2016-03-03  9:43 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-trivial, pbonzini, Gonglei

Remove the unnecessary NULL check.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
---
 ui/spice-display.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/ui/spice-display.c b/ui/spice-display.c
index 242ab5f..1ffbec1 100644
--- a/ui/spice-display.c
+++ b/ui/spice-display.c
@@ -769,9 +769,7 @@ static void display_mouse_define(DisplayChangeListener *dcl,
     SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
 
     qemu_mutex_lock(&ssd->lock);
-    if (c) {
-        cursor_get(c);
-    }
+    cursor_get(c);
     cursor_put(ssd->cursor);
     ssd->cursor = c;
     ssd->hot_x = c->hot_x;
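Review bot: the commit message gives no reason the check is unnecessary, while the hunk's own trailing context supplies it: `ssd->hot_x = c->hot_x;` already dereferences `c` unconditionally, so a NULL `c` would have crashed with or without the removed guard. Put that one line of justification in the message so a reader knows this removes a dead check rather than a real NULL guard.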
-- 
1.8.5.2


* [Qemu-devel] [PATCH 4/6] hostmem-file: fix memory leak
From: Gonglei @ 2016-03-03  9:43 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-trivial, pbonzini, Gonglei

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
---
 backends/hostmem-file.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/backends/hostmem-file.c b/backends/hostmem-file.c
index fd59482..217f858 100644
--- a/backends/hostmem-file.c
+++ b/backends/hostmem-file.c
@@ -51,11 +51,14 @@ file_backend_memory_alloc(HostMemoryBackend *backend, Error **errp)
     error_setg(errp, "-mem-path not supported on this host");
 #else
     if (!memory_region_size(&backend->mr)) {
+        gchar *path;
         backend->force_prealloc = mem_prealloc;
+        path = object_get_canonical_path(OBJECT(backend));
         memory_region_init_ram_from_file(&backend->mr, OBJECT(backend),
-                                 object_get_canonical_path(OBJECT(backend)),
+                                 path,
                                  backend->size, fb->share,
                                  fb->mem_path, errp);
+        g_free(path);
     }
 #endif
 }
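Review bot: QEMU's coding style wants a blank line after a declaration block, so `gchar *path;` should be followed by an empty line before `backend->force_prealloc = mem_prealloc;`. The substance is right: object_get_canonical_path returns a newly allocated string owned by the caller, and the old code dropped it after the call.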
-- 
1.8.5.2


* [Qemu-devel] [PATCH 5/6] spapr: fix possible Negative array index read
From: Gonglei @ 2016-03-03  9:43 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-trivial, pbonzini, Gonglei

fix CID 1351391.

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
---
 hw/ppc/spapr.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index e9d4abf..57d19ab 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2221,6 +2221,10 @@ static void spapr_machine_device_plug(HotplugHandler *hotplug_dev,
         if (*errp) {
             return;
         }
+        if (node < 0 || node >= MAX_NODES) {
+            error_setg(errp, "Invaild node %d", node);
+            return;
+        }
 
         /*
          * Currently PowerPC kernel doesn't allow hot-adding memory to
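Review bot: typo in the user-visible error string, "Invaild node %d" should read "Invalid node %d". The check itself is the right shape for an int index bounded by MAX_NODES (both the negative and the upper side are covered) and it returns through errp before anything is indexed.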
-- 
1.8.5.2


* [Qemu-devel] [PATCH 6/6] smbus: fix memory leak
From: Gonglei @ 2016-03-03  9:43 UTC (permalink / raw)
  To: qemu-devel; +Cc: qemu-trivial, pbonzini, Gonglei

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
---
 hw/i2c/smbus_eeprom.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/i2c/smbus_eeprom.c b/hw/i2c/smbus_eeprom.c
index 5b7bd89..83c6b27 100644
--- a/hw/i2c/smbus_eeprom.c
+++ b/hw/i2c/smbus_eeprom.c
@@ -156,4 +156,6 @@ void smbus_eeprom_init(I2CBus *smbus, int nb_eeprom,
         qdev_prop_set_ptr(eeprom, "data", eeprom_buf + (i * 256));
         qdev_init_nofail(eeprom);
     }
+
+    g_free(eeprom_buf);
 }
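Review bot: freeing eeprom_buf here introduces a use-after-free rather than fixing a leak: the context lines directly above hand `eeprom_buf + (i * 256)` to each device through qdev_prop_set_ptr(eeprom, "data", ...), so every instantiated EEPROM keeps a pointer into this buffer for its lifetime. The buffer must outlive the devices; if Coverity reports it as leaked, the fix is to record its ownership somewhere that is released together with the devices, not to free it at function exit.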
-- 
1.8.5.2


* Re: [Qemu-devel] [PATCH 2/6] sheepdog: fix possible resource leak and out-of-bounds access
From: Paolo Bonzini @ 2016-03-03 11:17 UTC (permalink / raw)
  To: Gonglei, qemu-devel; +Cc: qemu-trivial



On 03/03/2016 10:43, Gonglei wrote:
> CID 1352418 (#1 of 1): Out-of-bounds access (INCOMPATIBLE_CAST)
> incompatible_cast: Pointer &snap_id points to an object whose effective
> type is unsigned int (32 bits, unsigned) but is dereferenced as a wider
> unsigned long (64 bits, unsigned). This may lead to memory corruption.
> 
> We also need to free local_err when ret is not equal to 0.
> 
> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> ---
>  block/sheepdog.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/block/sheepdog.c b/block/sheepdog.c
> index 8739acc..3d81bba 100644
> --- a/block/sheepdog.c
> +++ b/block/sheepdog.c
> @@ -2543,7 +2543,7 @@ static int sd_snapshot_delete(BlockDriverState *bs,
>                                const char *name,
>                                Error **errp)
>  {
> -    uint32_t snap_id = 0;
> +    unsigned long snap_id = 0;
>      char snap_tag[SD_MAX_VDI_TAG_LEN];
>      Error *local_err = NULL;
>      int fd, ret;
> @@ -2565,20 +2565,23 @@ static int sd_snapshot_delete(BlockDriverState *bs,
>      memset(buf, 0, sizeof(buf));
>      memset(snap_tag, 0, sizeof(snap_tag));
>      pstrcpy(buf, SD_MAX_VDI_LEN, s->name);
> -    if (qemu_strtoul(snapshot_id, NULL, 10, (unsigned long *)&snap_id)) {
> +    if (qemu_strtoul(snapshot_id, NULL, 10, &snap_id)) {
>          return -1;
>      }
>  
>      if (snap_id) {
> +        assert(snap_id <= UINT_MAX);
> +
>          hdr.snapid = snap_id;
>      } else {
>          pstrcpy(snap_tag, sizeof(snap_tag), snapshot_id);
>          pstrcpy(buf + SD_MAX_VDI_LEN, SD_MAX_VDI_TAG_LEN, snap_tag);
>      }
>  
> -    ret = find_vdi_name(s, s->name, snap_id, snap_tag, &vid, true,
> +    ret = find_vdi_name(s, s->name, hdr.snapid, snap_tag, &vid, true,
>                          &local_err);
>      if (ret) {
> +        error_report_err(local_err);
>          return ret;
>      }
>  
> 

A patch for this has been posted yesterday by Jeff Cody.

Paolo


* Re: [Qemu-devel] [PATCH 6/6] smbus: fix memory leak
From: Paolo Bonzini @ 2016-03-03 11:19 UTC (permalink / raw)
  To: Gonglei, qemu-devel; +Cc: qemu-trivial



On 03/03/2016 10:43, Gonglei wrote:
> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> ---
>  hw/i2c/smbus_eeprom.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/hw/i2c/smbus_eeprom.c b/hw/i2c/smbus_eeprom.c
> index 5b7bd89..83c6b27 100644
> --- a/hw/i2c/smbus_eeprom.c
> +++ b/hw/i2c/smbus_eeprom.c
> @@ -156,4 +156,6 @@ void smbus_eeprom_init(I2CBus *smbus, int nb_eeprom,
>          qdev_prop_set_ptr(eeprom, "data", eeprom_buf + (i * 256));
>          qdev_init_nofail(eeprom);
>      }
> +
> +    g_free(eeprom_buf);
>  }
> 

This is wrong, eeprom_buf is passed to the device through qdev_prop_set_ptr.

Paolo


* Re: [Qemu-devel] [PATCH 1/6] egl-helpers: fix possible resource leak
From: Paolo Bonzini @ 2016-03-03 11:19 UTC (permalink / raw)
  To: Gonglei, qemu-devel; +Cc: qemu-trivial



On 03/03/2016 10:43, Gonglei wrote:
> CID 1352419, using g_strdup_printf instead of asprintf.
> 
> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> ---
>  ui/egl-helpers.c | 9 +++------
>  1 file changed, 3 insertions(+), 6 deletions(-)
> 
> diff --git a/ui/egl-helpers.c b/ui/egl-helpers.c
> index 54be44c..2da1930 100644
> --- a/ui/egl-helpers.c
> +++ b/ui/egl-helpers.c
> @@ -50,18 +50,15 @@ int qemu_egl_rendernode_open(void)
>              continue;
>          }
>  
> -        r = asprintf(&p, "/dev/dri/%s", e->d_name);
> -        if (r < 0) {
> -            return -1;
> -        }
> +        p = g_strdup_printf("/dev/dri/%s", e->d_name);
>  
>          r = open(p, O_RDWR | O_CLOEXEC | O_NOCTTY | O_NONBLOCK);
>          if (r < 0) {
> -            free(p);
> +            g_free(p);
>              continue;
>          }
>          fd = r;
> -        free(p);
> +        g_free(p);
>          break;
>      }
>  
> 

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>


* Re: [Qemu-devel] [PATCH 3/6] spice: fix coverity complaints
From: Paolo Bonzini @ 2016-03-03 11:19 UTC (permalink / raw)
  To: Gonglei, qemu-devel; +Cc: qemu-trivial



On 03/03/2016 10:43, Gonglei wrote:
> Remove the unnecessary NULL check.
> 
> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> ---
>  ui/spice-display.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/ui/spice-display.c b/ui/spice-display.c
> index 242ab5f..1ffbec1 100644
> --- a/ui/spice-display.c
> +++ b/ui/spice-display.c
> @@ -769,9 +769,7 @@ static void display_mouse_define(DisplayChangeListener *dcl,
>      SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
>  
>      qemu_mutex_lock(&ssd->lock);
> -    if (c) {
> -        cursor_get(c);
> -    }
> +    cursor_get(c);
>      cursor_put(ssd->cursor);
>      ssd->cursor = c;
>      ssd->hot_x = c->hot_x;
> 

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>


* Re: [Qemu-devel] [PATCH 4/6] hostmem-file: fix memory leak
From: Paolo Bonzini @ 2016-03-03 11:19 UTC (permalink / raw)
  To: Gonglei, qemu-devel; +Cc: qemu-trivial



On 03/03/2016 10:43, Gonglei wrote:
> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> ---
>  backends/hostmem-file.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/backends/hostmem-file.c b/backends/hostmem-file.c
> index fd59482..217f858 100644
> --- a/backends/hostmem-file.c
> +++ b/backends/hostmem-file.c
> @@ -51,11 +51,14 @@ file_backend_memory_alloc(HostMemoryBackend *backend, Error **errp)
>      error_setg(errp, "-mem-path not supported on this host");
>  #else
>      if (!memory_region_size(&backend->mr)) {
> +        gchar *path;
>          backend->force_prealloc = mem_prealloc;
> +        path = object_get_canonical_path(OBJECT(backend));
>          memory_region_init_ram_from_file(&backend->mr, OBJECT(backend),
> -                                 object_get_canonical_path(OBJECT(backend)),
> +                                 path,
>                                   backend->size, fb->share,
>                                   fb->mem_path, errp);
> +        g_free(path);
>      }
>  #endif
>  }
> 

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>


* Re: [Qemu-devel] [PATCH 5/6] spapr: fix possible Negative array index read
From: Paolo Bonzini @ 2016-03-03 11:19 UTC (permalink / raw)
  To: Gonglei, qemu-devel; +Cc: qemu-trivial



On 03/03/2016 10:43, Gonglei wrote:
> fix CID 1351391.
> 
> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> ---
>  hw/ppc/spapr.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index e9d4abf..57d19ab 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -2221,6 +2221,10 @@ static void spapr_machine_device_plug(HotplugHandler *hotplug_dev,
>          if (*errp) {
>              return;
>          }
> +        if (node < 0 || node >= MAX_NODES) {
> +            error_setg(errp, "Invaild node %d", node);
> +            return;
> +        }
>  
>          /*
>           * Currently PowerPC kernel doesn't allow hot-adding memory to
> 

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>


* Re: [Qemu-devel] [PATCH 2/6] sheepdog: fix possible resource leak and out-of-bounds access
From: Gonglei (Arei) @ 2016-03-03 12:00 UTC (permalink / raw)
  To: Paolo Bonzini, qemu-devel; +Cc: qemu-trivial





Regards,
-Gonglei


> -----Original Message-----
> From: Paolo Bonzini [mailto:pbonzini@redhat.com]
> Sent: Thursday, March 03, 2016 7:18 PM
> To: Gonglei (Arei); qemu-devel@nongnu.org
> Cc: qemu-trivial@nongnu.org
> Subject: Re: [PATCH 2/6] sheepdog: fix possible resource leak and out-of-bounds
> access
> 
> 
> 
> On 03/03/2016 10:43, Gonglei wrote:
> > CID 1352418 (#1 of 1): Out-of-bounds access (INCOMPATIBLE_CAST)
> > incompatible_cast: Pointer &snap_id points to an object whose effective
> > type is unsigned int (32 bits, unsigned) but is dereferenced as a wider
> > unsigned long (64 bits, unsigned). This may lead to memory corruption.
> >
> > We also need to free local_err when ret is not equal to 0.
> >
> > Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> > ---
> >  block/sheepdog.c | 9 ++++++---
> >  1 file changed, 6 insertions(+), 3 deletions(-)
> >
> > diff --git a/block/sheepdog.c b/block/sheepdog.c
> > index 8739acc..3d81bba 100644
> > --- a/block/sheepdog.c
> > +++ b/block/sheepdog.c
> > @@ -2543,7 +2543,7 @@ static int sd_snapshot_delete(BlockDriverState
> *bs,
> >                                const char *name,
> >                                Error **errp)
> >  {
> > -    uint32_t snap_id = 0;
> > +    unsigned long snap_id = 0;
> >      char snap_tag[SD_MAX_VDI_TAG_LEN];
> >      Error *local_err = NULL;
> >      int fd, ret;
> > @@ -2565,20 +2565,23 @@ static int sd_snapshot_delete(BlockDriverState
> *bs,
> >      memset(buf, 0, sizeof(buf));
> >      memset(snap_tag, 0, sizeof(snap_tag));
> >      pstrcpy(buf, SD_MAX_VDI_LEN, s->name);
> > -    if (qemu_strtoul(snapshot_id, NULL, 10, (unsigned long *)&snap_id)) {
> > +    if (qemu_strtoul(snapshot_id, NULL, 10, &snap_id)) {
> >          return -1;
> >      }
> >
> >      if (snap_id) {
> > +        assert(snap_id <= UINT_MAX);
> > +
> >          hdr.snapid = snap_id;
> >      } else {
> >          pstrcpy(snap_tag, sizeof(snap_tag), snapshot_id);
> >          pstrcpy(buf + SD_MAX_VDI_LEN, SD_MAX_VDI_TAG_LEN,
> snap_tag);
> >      }
> >
> > -    ret = find_vdi_name(s, s->name, snap_id, snap_tag, &vid, true,
> > +    ret = find_vdi_name(s, s->name, hdr.snapid, snap_tag, &vid, true,
> >                          &local_err);
> >      if (ret) {
> > +        error_report_err(local_err);
> >          return ret;
> >      }
> >
> >
> 
> A patch for this has been posted yesterday by Jeff Cody.
> 

OK, I found it. And Max's comment is right: Jeff can use hdr.snapid instead of snap_tag
to invoke find_vdi_name().

But apart from that fix, my patch also fixed a memory leak; did you see that? Do I need
to post a separate patch to fix the memory leak?


Regards,
-Gonglei


* Re: [Qemu-devel] [PATCH 6/6] smbus: fix memory leak
From: Gonglei (Arei) @ 2016-03-03 12:05 UTC (permalink / raw)
  To: Paolo Bonzini, qemu-devel; +Cc: qemu-trivial

> Subject: Re: [PATCH 6/6] smbus: fix memory leak
> 
> 
> 
> On 03/03/2016 10:43, Gonglei wrote:
> > Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> > ---
> >  hw/i2c/smbus_eeprom.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/hw/i2c/smbus_eeprom.c b/hw/i2c/smbus_eeprom.c
> > index 5b7bd89..83c6b27 100644
> > --- a/hw/i2c/smbus_eeprom.c
> > +++ b/hw/i2c/smbus_eeprom.c
> > @@ -156,4 +156,6 @@ void smbus_eeprom_init(I2CBus *smbus, int
> nb_eeprom,
> >          qdev_prop_set_ptr(eeprom, "data", eeprom_buf + (i * 256));
> >          qdev_init_nofail(eeprom);
> >      }
> > +
> > +    g_free(eeprom_buf);
> >  }
> >
> 
> This is wrong, eeprom_buf is passed to the device through qdev_prop_set_ptr.
> 
Oops, right, NACK. Thanks!


Regards,
-Gonglei


* Re: [Qemu-devel] [PATCH 2/6] sheepdog: fix possible resource leak and out-of-bounds access
From: Paolo Bonzini @ 2016-03-03 12:12 UTC (permalink / raw)
  To: Gonglei (Arei), qemu-devel; +Cc: qemu-trivial



On 03/03/2016 13:00, Gonglei (Arei) wrote:
>>> > >
>>> > > -    ret = find_vdi_name(s, s->name, snap_id, snap_tag, &vid, true,
>>> > > +    ret = find_vdi_name(s, s->name, hdr.snapid, snap_tag, &vid, true,
>>> > >                          &local_err);
>>> > >      if (ret) {
>>> > > +        error_report_err(local_err);
>>> > >          return ret;
>>> > >      }
>>> > >
>>> > >
>> > 
>> > A patch for this has been posted yesterday by Jeff Cody.
>> > 
> OK, I found it. And Max's comment is right: Jeff can use hdr.snapid instead of snap_tag
> to invoke find_vdi_name().
> 
> But apart from that fix, my patch also fixed a memory leak; did you see that?

No, I didn't notice -- it's not clear that error_report_err also frees
the error.

> Do I need to post a separate patch to fix the memory leak?

Yes, but the right fix in my opinion is to pass errp to find_vdi_name
instead.

Paolo


* Re: [Qemu-devel] [PATCH 2/6] sheepdog: fix possible resource leak and out-of-bounds access
From: Gonglei (Arei) @ 2016-03-03 12:35 UTC (permalink / raw)
  To: Paolo Bonzini, qemu-devel; +Cc: qemu-trivial





Regards,
-Gonglei


> -----Original Message-----
> From: Paolo Bonzini [mailto:pbonzini@redhat.com]
> Sent: Thursday, March 03, 2016 8:12 PM
> To: Gonglei (Arei); qemu-devel@nongnu.org
> Cc: qemu-trivial@nongnu.org
> Subject: Re: [PATCH 2/6] sheepdog: fix possible resource leak and out-of-bounds
> access
> 
> 
> 
> On 03/03/2016 13:00, Gonglei (Arei) wrote:
> >>> > >
> >>> > > -    ret = find_vdi_name(s, s->name, snap_id, snap_tag, &vid, true,
> >>> > > +    ret = find_vdi_name(s, s->name, hdr.snapid, snap_tag, &vid,
> true,
> >>> > >                          &local_err);
> >>> > >      if (ret) {
> >>> > > +        error_report_err(local_err);
> >>> > >          return ret;
> >>> > >      }
> >>> > >
> >>> > >
> >> >
> >> > A patch for this has been posted yesterday by Jeff Cody.
> >> >
> > OK, I found it. And Max's comment is right: Jeff can use hdr.snapid instead of
> snap_tag
> > to invoke find_vdi_name().
> >
> > But apart from that fix, my patch also fixed a memory leak; did you see that?
> 
> No, I didn't notice -- it's not clear that error_report_err also frees
> the error.
> 
> > Do I need to post a separate patch to fix the memory leak?
> 
> Yes, but the right fix in my opinion is to pass errp to find_vdi_name
> instead.
> 
You are right, we'd better drop local_err in sd_snapshot_delete().

Regards,
-Gonglei


* Re: [Qemu-devel] [PATCH 0/6] fix some coverity complaints
From: Gonglei (Arei) @ 2016-04-06  2:12 UTC (permalink / raw)
  To: Gonglei (Arei), qemu-devel; +Cc: qemu-trivial, pbonzini

Hi Paolo,

Would you please pick patches 1, 3, 4 and 5 into qemu-2.6?

It seems the trivial-branch maintainer didn't notice them. :(

Regards,
-Gonglei


> -----Original Message-----
> From: Gonglei (Arei)
> Sent: Thursday, March 03, 2016 5:44 PM
> To: qemu-devel@nongnu.org
> Cc: pbonzini@redhat.com; qemu-trivial@nongnu.org; Gonglei (Arei)
> Subject: [PATCH 0/6] fix some coverity complaints
> 
> 
> Gonglei (6):
>   egl-helpers: fix possible resource leak
>   sheepdog: fix possible resource leak and out-of-bounds access
>   spice: fix coverity complaints
>   hostmem-file: fix memory leak
>   spapr: fix possible Negative array index read
>   smbus: fix memory leak
> 
>  backends/hostmem-file.c | 5 ++++-
>  block/sheepdog.c        | 9 ++++++---
>  hw/i2c/smbus_eeprom.c   | 2 ++
>  hw/ppc/spapr.c          | 4 ++++
>  ui/egl-helpers.c        | 9 +++------
>  ui/spice-display.c      | 4 +---
>  6 files changed, 20 insertions(+), 13 deletions(-)
> 
> --
> 1.8.5.2
> 


* Re: [Qemu-devel] [PATCH 0/6] fix some coverity complaints
From: Paolo Bonzini @ 2016-04-06  6:30 UTC (permalink / raw)
  To: Gonglei (Arei), qemu-devel; +Cc: qemu-trivial, Gerd Hoffmann



On 06/04/2016 04:12, Gonglei (Arei) wrote:
> Hi Paolo,
> 
> Would you please pick patches 1, 3, 4 and 5 into qemu-2.6?

Gerd, can you pick up the three spice and egl-helpers patches?

I'll take care of the backends/ one.

Paolo

> It seems the trivial-branch maintainer didn't notice them. :(
> 
> Regards,
> -Gonglei
> 
> 
>> -----Original Message-----
>> From: Gonglei (Arei)
>> Sent: Thursday, March 03, 2016 5:44 PM
>> To: qemu-devel@nongnu.org
>> Cc: pbonzini@redhat.com; qemu-trivial@nongnu.org; Gonglei (Arei)
>> Subject: [PATCH 0/6] fix some coverity complaints
>>
>>
>> Gonglei (6):
>>   egl-helpers: fix possible resource leak
>>   sheepdog: fix possible resource leak and out-of-bounds access
>>   spice: fix coverity complaints
>>   hostmem-file: fix memory leak
>>   spapr: fix possible Negative array index read
>>   smbus: fix memory leak
>>
>>  backends/hostmem-file.c | 5 ++++-
>>  block/sheepdog.c        | 9 ++++++---
>>  hw/i2c/smbus_eeprom.c   | 2 ++
>>  hw/ppc/spapr.c          | 4 ++++
>>  ui/egl-helpers.c        | 9 +++------
>>  ui/spice-display.c      | 4 +---
>>  6 files changed, 20 insertions(+), 13 deletions(-)
>>
>> --
>> 1.8.5.2
>>
> 
> 
> 


* Re: [Qemu-devel] [PATCH 0/6] fix some coverity complaints
From: Paolo Bonzini @ 2016-04-06  6:31 UTC (permalink / raw)
  To: Gonglei (Arei), qemu-devel; +Cc: qemu-trivial, Gerd Hoffmann



On 06/04/2016 08:30, Paolo Bonzini wrote:
> 
> 
> On 06/04/2016 04:12, Gonglei (Arei) wrote:
>> Hi Paolo,
>>
>> Would you please pick patches 1, 3, 4 and 5 into qemu-2.6?
> 
> Gerd, can you pick up the three spice and egl-helpers patches?

Hem, two. :)

Paolo

> I'll take care of the backends/ one.
> 
> Paolo
> 
>> It seems the trivial-branch maintainer didn't notice them. :(
>>
>> Regards,
>> -Gonglei
>>
>>
>>> -----Original Message-----
>>> From: Gonglei (Arei)
>>> Sent: Thursday, March 03, 2016 5:44 PM
>>> To: qemu-devel@nongnu.org
>>> Cc: pbonzini@redhat.com; qemu-trivial@nongnu.org; Gonglei (Arei)
>>> Subject: [PATCH 0/6] fix some coverity complaints
>>>
>>>
>>> Gonglei (6):
>>>   egl-helpers: fix possible resource leak
>>>   sheepdog: fix possible resource leak and out-of-bounds access
>>>   spice: fix coverity complaints
>>>   hostmem-file: fix memory leak
>>>   spapr: fix possible Negative array index read
>>>   smbus: fix memory leak
>>>
>>>  backends/hostmem-file.c | 5 ++++-
>>>  block/sheepdog.c        | 9 ++++++---
>>>  hw/i2c/smbus_eeprom.c   | 2 ++
>>>  hw/ppc/spapr.c          | 4 ++++
>>>  ui/egl-helpers.c        | 9 +++------
>>>  ui/spice-display.c      | 4 +---
>>>  6 files changed, 20 insertions(+), 13 deletions(-)
>>>
>>> --
>>> 1.8.5.2
>>>
>>
>>
>>
> 
> 


* Re: [Qemu-devel] [PATCH 3/6] spice: fix coverity complaints
From: Gonglei (Arei) @ 2016-05-10  5:59 UTC (permalink / raw)
  To: Paolo Bonzini, qemu-devel, Gerd Hoffmann; +Cc: qemu-trivial

Hi Gerd,

Please pick this one, thanks :)

Regards,
-Gonglei


> -----Original Message-----
> From: Paolo Bonzini [mailto:pbonzini@redhat.com]
> Sent: Thursday, March 03, 2016 7:19 PM
> To: Gonglei (Arei); qemu-devel@nongnu.org
> Cc: qemu-trivial@nongnu.org
> Subject: Re: [PATCH 3/6] spice: fix coverity complains
> 
> 
> 
> On 03/03/2016 10:43, Gonglei wrote:
> > Remove the unnecessary NULL check.
> >
> > Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> > ---
> >  ui/spice-display.c | 4 +---
> >  1 file changed, 1 insertion(+), 3 deletions(-)
> >
> > diff --git a/ui/spice-display.c b/ui/spice-display.c
> > index 242ab5f..1ffbec1 100644
> > --- a/ui/spice-display.c
> > +++ b/ui/spice-display.c
> > @@ -769,9 +769,7 @@ static void
> display_mouse_define(DisplayChangeListener *dcl,
> >      SimpleSpiceDisplay *ssd = container_of(dcl, SimpleSpiceDisplay, dcl);
> >
> >      qemu_mutex_lock(&ssd->lock);
> > -    if (c) {
> > -        cursor_get(c);
> > -    }
> > +    cursor_get(c);
> >      cursor_put(ssd->cursor);
> >      ssd->cursor = c;
> >      ssd->hot_x = c->hot_x;
> >
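Review bot: dropping `if (c)` is only correct if c can never be NULL, and the justification is visible two lines further down, where `ssd->hot_x = c->hot_x;` dereferences c unconditionally, so the guard never prevented a crash and only produced the inconsistency Coverity reports. The commit message should state that reasoning (and the CID) rather than just "Remove the unnecessary NULL check"; if any caller can in fact pass a NULL cursor, the correct fix is the opposite one, guarding the later dereferences as well, so a sentence confirming that callers always pass a valid cursor would settle which fix is right.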
> 
> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>


* Re: [Qemu-devel] [PATCH 1/6] egl-helpers: fix possible resource leak
  2016-03-03 11:19   ` Paolo Bonzini
@ 2016-05-10  6:02     ` Gonglei (Arei)
  0 siblings, 0 replies; 22+ messages in thread
From: Gonglei (Arei) @ 2016-05-10  6:02 UTC (permalink / raw)
  To: Paolo Bonzini, qemu-devel, Gerd Hoffmann; +Cc: qemu-trivial

And this one.  Thanks :)


Regards,
-Gonglei


> -----Original Message-----
> From: Paolo Bonzini [mailto:pbonzini@redhat.com]
> Sent: Thursday, March 03, 2016 7:19 PM
> To: Gonglei (Arei); qemu-devel@nongnu.org
> Cc: qemu-trivial@nongnu.org
> Subject: Re: [PATCH 1/6] egl-helpers: fix possible resource leak
> 
> 
> 
> On 03/03/2016 10:43, Gonglei wrote:
> > CID 1352419, using g_strdup_printf instead of asprintf.
> >
> > Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> > ---
> >  ui/egl-helpers.c | 9 +++------
> >  1 file changed, 3 insertions(+), 6 deletions(-)
> >
> > diff --git a/ui/egl-helpers.c b/ui/egl-helpers.c
> > index 54be44c..2da1930 100644
> > --- a/ui/egl-helpers.c
> > +++ b/ui/egl-helpers.c
> > @@ -50,18 +50,15 @@ int qemu_egl_rendernode_open(void)
> >              continue;
> >          }
> >
> > -        r = asprintf(&p, "/dev/dri/%s", e->d_name);
> > -        if (r < 0) {
> > -            return -1;
> > -        }
> > +        p = g_strdup_printf("/dev/dri/%s", e->d_name);
> >
> >          r = open(p, O_RDWR | O_CLOEXEC | O_NOCTTY |
> O_NONBLOCK);
> >          if (r < 0) {
> > -            free(p);
> > +            g_free(p);
> >              continue;
> >          }
> >          fd = r;
> > -        free(p);
> > +        g_free(p);
> >          break;
> >      }
> >
> >
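Review bot: the duplicated cleanup can go: p is only needed for the open() call, so a single `g_free(p);` placed directly after `r = open(p, ...)` and before `if (r < 0)` frees it on both the continue path and the success path and leaves one allocator call to audit instead of two. The commit message should also say what actually leaked; from this hunk alone a reader can only infer that the removed `return -1` on asprintf failure bypassed whatever cleanup follows the loop, while g_strdup_printf never returns NULL (GLib aborts on allocation failure), which is why the error branch disappears entirely rather than being fixed.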
> 
> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>


Thread overview: 22+ messages
2016-03-03  9:43 [Qemu-devel] [PATCH 0/6] fix some coverity complains Gonglei
2016-03-03  9:43 ` [Qemu-devel] [PATCH 1/6] egl-helpers: fix possible resource leak Gonglei
2016-03-03 11:19   ` Paolo Bonzini
2016-05-10  6:02     ` Gonglei (Arei)
2016-03-03  9:43 ` [Qemu-devel] [PATCH 2/6] sheepdog: fix possible resouce leak and out-of-bounds access Gonglei
2016-03-03 11:17   ` Paolo Bonzini
2016-03-03 12:00     ` Gonglei (Arei)
2016-03-03 12:12       ` Paolo Bonzini
2016-03-03 12:35         ` Gonglei (Arei)
2016-03-03  9:43 ` [Qemu-devel] [PATCH 3/6] spice: fix coverity complains Gonglei
2016-03-03 11:19   ` Paolo Bonzini
2016-05-10  5:59     ` Gonglei (Arei)
2016-03-03  9:43 ` [Qemu-devel] [PATCH 4/6] hostmem-file: fix memory leak Gonglei
2016-03-03 11:19   ` Paolo Bonzini
2016-03-03  9:43 ` [Qemu-devel] [PATCH 5/6] spapr: fix possible Negative array index read Gonglei
2016-03-03 11:19   ` Paolo Bonzini
2016-03-03  9:43 ` [Qemu-devel] [PATCH 6/6] smbus: fix memory leak Gonglei
2016-03-03 11:19   ` Paolo Bonzini
2016-03-03 12:05     ` Gonglei (Arei)
2016-04-06  2:12 ` [Qemu-devel] [PATCH 0/6] fix some coverity complains Gonglei (Arei)
2016-04-06  6:30   ` Paolo Bonzini
2016-04-06  6:31     ` Paolo Bonzini
