Check the return value from qemu_socket() rather than trying to
pass it to bind() as an fd argument even if it's negative.
This wouldn't have caused any negative consequences, because
it won't be a valid fd number and the bind call will fail;
but Coverity complains (CID 1005723).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 slirp/udp.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/slirp/udp.c b/slirp/udp.c
index 93d7224..227d779 100644
--- a/slirp/udp.c
+++ b/slirp/udp.c
@@ -335,6 +335,10 @@ udp_listen(Slirp *slirp, uint32_t haddr, u_int hport, uint32_t laddr,
 	    return NULL;
 	}
 	so->s = qemu_socket(AF_INET,SOCK_DGRAM,0);
+        if (so->s < 0) {
+            sofree(so);
+            return NULL;
+        }
 	so->so_expire = curtime + SO_EXPIRE;
 	insque(so, &slirp->udb);
 
-- 
2.1.4

On 02/04/2017 08:08 PM, Peter Maydell wrote:
> Check the return value from qemu_socket() rather than trying to
> pass it to bind() as an fd argument even if it's negative.
> This wouldn't have caused any negative consequences, because
> it won't be a valid fd number and the bind call will fail;
> but Coverity complains (CID 1005723).
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

> ---
>  slirp/udp.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/slirp/udp.c b/slirp/udp.c
> index 93d7224..227d779 100644
> --- a/slirp/udp.c
> +++ b/slirp/udp.c
> @@ -335,6 +335,10 @@ udp_listen(Slirp *slirp, uint32_t haddr, u_int hport, uint32_t laddr,
>  	    return NULL;
>  	}
>  	so->s = qemu_socket(AF_INET,SOCK_DGRAM,0);
> +        if (so->s < 0) {
> +            sofree(so);
> +            return NULL;
> +        }
>  	so->so_expire = curtime + SO_EXPIRE;
>  	insque(so, &slirp->udb);
>
>