[Spice-devel] [PATCH 3/3] Fix "NULL_RETURNS" caught by coverity

Fabiano Fidêncio fabiano at fidencio.org
Wed Aug 6 03:08:52 PDT 2014


On Mon, Aug 4, 2014 at 3:39 PM, Christophe Fergeau <cfergeau at redhat.com>
wrote:

> On Mon, Jul 14, 2014 at 01:44:45PM +0200, Fabiano Fidêncio wrote:
> > On Mon, Jul 14, 2014 at 1:30 PM, Marc-André Lureau <mlureau at redhat.com>
> > wrote:
> > > Could malloc & free do not have annotations like the glib ones.
> > >
> > > What happens for example if you replace malloc() by g_malloc(), and
> > > free() by g_free() in the function below?
> > >
> >
> > I don't think that would help as one of Coverity's complaints came
> > from: "data = g_malloc(d->area.width * d->area.height * 3);"
>
> Did it complain about an unchecked return value?


This is the message:
Error: NULL_RETURNS (CWE-476): [#def51]
spice-gtk-0.25.28-591b-dirty/spice-gtk-0.25.28/gtk/spice-widget.c:2564:
returned_null: Function "g_malloc0(gsize)" returns null.
spice-gtk-0.25.28-591b-dirty/spice-gtk-0.25.28/gtk/spice-widget.c:2564:
var_assigned: Assigning: "data" = null return value from "g_malloc0(gsize)".
spice-gtk-0.25.28-591b-dirty/spice-gtk-0.25.28/gtk/spice-widget.c:2566:
alias: Assigning: "dest" = "data".  Both pointers are now null.
spice-gtk-0.25.28-591b-dirty/spice-gtk-0.25.28/gtk/spice-widget.c:2571:
dereference: Dereferencing a null pointer "dest".


> It could be complaining about a potential integer overflow when computing
> how much to alloc.
>

Yeah, actually it does make sense, but still weird. I don't remember a
place where we could set, for instance, width or height with a really big
value.
Anyway, what is your suggestion? Check if d->area.width * d->area.height *
3 > 0 before alloc?



>
> Christophe
>


Best Regards,
-- 
Fabiano Fidêncio
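
An added example, not part of the original thread or of spice-gtk: one way to guard the `width * height * 3` size computation discussed above, in plain C with `calloc()` standing in for `g_malloc0()`. The helper names and the 256 MiB cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed upper bound for one RGB buffer (constructed value). */
#define MAX_RGB_BYTES ((uint64_t)256 * 1024 * 1024)

/* 32-bit arithmetic as in an unchecked width * height * 3; unsigned so the
 * wrap-around is defined behaviour and can be shown safely. */
static uint32_t naive_size_u32(uint32_t width, uint32_t height)
{
    return width * height * 3u;
}

/* Hypothetical helper: store width * height * 3 in *out.
 * Returns 0 on success, -1 for non-positive dimensions or a result above
 * MAX_RGB_BYTES. The division form of the check never overflows. */
static int rgb_buffer_size(int width, int height, size_t *out)
{
    if (width <= 0 || height <= 0)
        return -1;
    uint64_t w = (uint64_t)width, h = (uint64_t)height;
    if (w > MAX_RGB_BYTES / 3 / h)
        return -1;
    *out = (size_t)(w * h * 3);
    return 0;
}

/* calloc() stands in for g_malloc0(), which returns NULL for a 0-byte
 * request. The caller still checks the result before writing to it. */
static unsigned char *alloc_rgb(int width, int height)
{
    size_t n;
    if (rgb_buffer_size(width, height, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* Constructed dimensions whose true size is 4295098368 bytes. */
    printf("naive 32-bit size: %u\n", (unsigned)naive_size_u32(65536, 21846));
    unsigned char *data = alloc_rgb(640, 480);
    printf("640x480: %s\n", data ? "allocated" : "rejected");
    free(data);
    printf("65536x21846: %s\n", alloc_rgb(65536, 21846) ? "allocated" : "rejected");
    return 0;
}
```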