On Tue, Apr 29, 2008 at 02:46:14AM -0400, Daniel Veillard wrote: > On Mon, Apr 28, 2008 at 11:42:47PM +0100, Daniel P. Berrange wrote: > > The Xen driver uses a regex to process the hypervisor capabilities data > > > > "(xen|hvm)-[[:digit:]]+\\.[[:digit:]]+-(x86_32|x86_64|ia64|powerpc64)(p|be)?"; > > > > notice how the last match group, however, is optional due to the '?'. The > > code processing matches does not check to see if the match is present or > > not, and just indexes the string on match 3 > > > > if (strncmp (&token[subs[3].rm_so], "p", 1) == 0) > > > > Unfortunately, subs[3].rm_so is -1 if the match was not present, so we're > > doing an out of bounds array access here. This is fairly harmless, but it > > is still good to fix it. So this patch adds a check for -1 before accessing > > the match. I also replace the strncmp() calls with a call to the brand new > > STRPREFIX() convenience macro > > Okidoc, i assume valgrind spotted that, that's fairly well hidden ... Yeah, and valgrind only finds it on i386 - not x86_64, which is why I didn't spot it for sooo long ! Dan. -- |: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list