Local scan results look great on first glance. Comparing summary.txt, I get
-2 TAINTED_STRING
1 MISSING_LOCK
1 REVERSE_NEGATIVE
-4 FORWARD_NULL
-6 CHECKED_RETURN
-21 RESOURCE_LEAK
4 TAINTED_SCALAR
-2 NEGATIVE_RETURNS
-3 NULL_RETURNS
A closer examination of the RESOURCE_LEAK differences looks finds both
improvements and regressions. A few defects we've classified as bugs
are gone. A few false positives appear even though the model tries to
suppress them.
Paolo, can you see anything wrong with my new model?
= RESOURCE_LEAKs new =
== Look like a bug ==
blockdev-nbd.c:35: leaked_handle: Handle variable "fd" going out of scope leaks
the handle.
== Look like false positive ==
The ones in qemu-char.c should be suppressed by our model of
g_io_channel_unix_new(). Can't see how it screwed that up.
qemu-char.c:1107: leaked_handle: Handle variable "fd_in" going out of scope
leaks the handle.
qemu-char.c:1107: leaked_handle: Handle variable "fd_out" going out of scope
leaks the handle.
qemu-char.c:4062: leaked_handle: Handle variable "in" going out of scope leaks
the handle.
qemu-char.c:4062: leaked_handle: Handle variable "out" going out of scope leaks
the handle.
qemu-char.c:4076: leaked_handle: Handle variable "fd" going out of scope leaks
the handle.
qemu-nbd.c:383: leaked_handle: Handle variable "fd" going out of scope leaks
the handle.
ui/vnc.c:2930: leaked_handle: Handle variable "csock" going out of scope leaks
the handle.
ui/vnc.c:3312: leaked_handle: Handle variable "csock" going out of scope leaks
the handle.
== Unsure ==
hw/arm/omap_sx1.c:106: leaked_storage: Variable "__p" going out of scope leaks
the storage it points to.
hw/arm/omap_sx1.c:208: leaked_storage: Variable "flash_1" going out of scope
leaks the storage it points to.
hw/misc/macio/macio.c:276: leaked_storage: Variable "__p" going out of scope
leaks the storage it points to.
hw/misc/macio/macio.c:281: leaked_storage: Variable "timer_memory" going out of
scope leaks the storage it points to.
hw/misc/macio/macio.c:299: leaked_storage: Variable "timer_memory" going out of
scope leaks the storage it points to.
hw/ppc/e500.c:582: leaked_storage: Variable "__p" going out of scope leaks the
storage it points to.
hw/ppc/e500.c:596: leaked_storage: Variable "p" going out of scope leaks the
storage it points to.
= RESOURCE_LEAKs gone =
== Dismissed / False Positive ==
block/raw-posix.c:1906: leaked_storage: Variable "local_err" going out of scope
leaks the storage it points to.
block/raw-posix.c:1910: leaked_storage: Variable "local_err" going out of scope
leaks the storage it points to.
block/raw-posix.c:2165: leaked_storage: Variable "local_err" going out of scope
leaks the storage it points to.
block/sheepdog.c:2260: leaked_storage: Variable "local_err" going out of scope
leaks the storage it points to.
migration/tcp.c:53: leaked_handle: Ignoring handle opened by
"inet_nonblocking_connect(host_port, tcp_wait_for_connect, s, errp)" leaks it.
migration/unix.c:53: leaked_handle: Ignoring handle opened by
"unix_nonblocking_connect(path, unix_wait_for_connect, s, errp)" leaks it.
== New / Unclassified ==
hw/i2c/smbus_eeprom.c:158: leaked_storage: Variable "eeprom_buf" going out of
scope leaks the storage it points to.
hw/mips/mips_malta.c:864: leaked_storage: Variable "prom_buf" going out of
scope leaks the storage it points to.
hw/mips/mips_r4k.c:142: leaked_storage: Variable "params_buf" going out of
scope leaks the storage it points to.
hw/ppc/mac_newworld.c:497: leaked_storage: Variable "openpic_irqs" going out of
scope leaks the storage it points to.
hw/ppc/mac_oldworld.c:354: leaked_storage: Variable "heathrow_irqs" going out
of scope leaks the storage it points to.
== Triaged / Bug ==
These are worrying. Something wrong with my new model?
hw/s390x/s390-pci-bus.c:195: leaked_storage: Variable "sei_cont" going out of
scope leaks the storage it points to.
vl.c:1065: leaked_storage: Ignoring storage allocated by
"monitor_fdset_add_fd(dupfd, true, fdset_id, (fd_opaque ? 1 : 0), fd_opaque,
NULL)" leaks it.
= Local RESOURCE_LEAKs gone =
Local means my local scan has them, but the Coverity Scan service
doesn't. No idea why.
== Look like false positive ==
block/qapi.c:368: leaked_storage: Variable "info" going out of scope leaks the
storage it points to.
hw/lm32/lm32_boards.c:164: leaked_storage: Variable "reset_info" going out of
scope leaks the storage it points to.
hw/lm32/lm32_boards.c:297: leaked_storage: Variable "reset_info" going out of
scope leaks the storage it points to.
hw/lm32/milkymist.c:211: leaked_storage: Variable "reset_info" going out of
scope leaks the storage it points to.
hw/mips/mips_mipssim.c:233: leaked_storage: Variable "reset_info" going out of
scope leaks the storage it points to.
hw/sh4/r2d.c:353: leaked_storage: Variable "reset_info" going out of scope
leaks the storage it points to.
hw/sparc/leon3.c:217: leaked_storage: Variable "reset_info" going out of scope
leaks the storage it points to.
hw/sparc64/sun4u.c:812: leaked_storage: Variable "reset_info" going out of
scope leaks the storage it points to.
qga/main.c:612: leaked_storage: Variable "obj" going out of scope leaks the
storage it points to.
== Leaks on error path to exit() ==
Function leaks on error path, but caller exit()s on error, so we don't
care.
xen-hvm.c:1100: leaked_storage: Variable "state" going out of scope leaks the
storage it points to.
xen-hvm.c:1106: leaked_storage: Variable "state" going out of scope leaks the
storage it points to.
== Look like a bug ==
numa.c:414: leaked_storage: Variable "err" going out of scope leaks the storage
it points to.
== Unsure ==
hw/mips/mips_fulong2e.c:171: leaked_storage: Variable "prom_buf" going out of
scope leaks the storage it points to.
