9d7a4c6690
In current versions of GLib, g_new() may expand into g_malloc_n(). When it does, Coverity can't see the memory allocation, because we don't model g_malloc_n(). Similarly for g_new0(), g_renew(), g_try_new(), g_try_new0(), g_try_renew(). Model g_malloc_n(), g_malloc0_n(), g_realloc_n(). Model g_try_malloc_n(), g_try_malloc0_n(), g_try_realloc_n() by adding indeterminate out of memory conditions on top. To avoid undue duplication, replace the existing models for g_malloc() & friends by trivial wrappers around g_malloc_n() & friends. In a local scan, this flags four additional RESOURCE_LEAKs and one NULL_RETURNS. The NULL_RETURNS is a false positive: Coverity can now see that g_try_malloc(l1_sz * sizeof(uint64_t)) in qcow2_check_metadata_overlap() may return NULL, but is too stupid to recognize that a loop executing l1_sz times won't be entered then. Three out of the four RESOURCE_LEAKs appear genuine. The false positive is in ppce500_prep_device_tree(): the pointer dies, but a pointer to a struct member escapes, and we get the pointer back for freeing with container_of(). Too funky for Coverity. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org - QEMU team