[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] qemu: avoid dereference of null pointer



On 08/05/2011 03:47 AM, Eric Blake wrote:
On 08/04/2011 11:14 AM, Alex Jia wrote:
Also, how does checking for a non-zero union value prevent a null
dereference?

To be honest, I'm not sure this, however, it's okay for ccc-analyzer if
I add these judgements,

Is ccc-analyzer different from clang? If so, how can I set it up, to reproduce the problem you saw?
It may be different, I will tidy up a docs or resource and then sending to you.

Regards,
Alex

I previously saw a false positive in one of these functions (qemudDomainGetMemoryParameters) when using Coverity, but that was fixed by commit f768b4c3, but Coverity was silent for the other 4 functions you touched. I'm now trying to do a clang run to see if that differs from Coverity. The Coverity false positive was that our logic confused the static analyzers:

type var; // uninit
if (flags & _CONFIG)
  var = something
if (flags & _LIVE)
  do something else
if (flags & _CONFIG)
  use var

this pattern was enough to make the analyzers think that var could be used uninitialized, or initialized to NULL, in a setting where it must not be NULL; but once you see that it is merely a case of the analyzer getting it wrong (var is _only_ used under the same conditions where it was previously assigned earlier on), the solution is to add sa_assert() hints to the analyzers.

NACK to this patch; we need to get to the real root of why the analyzers are complaining, and fix the real bug if there is one (but I didn't see one in my manual inspection), or more likely add sa_assert() hints to silence the analyzer.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]