Matthias Bolte wrote: > Hi, > > I came across this line in the phypOpen function: > > char string[strlen(conn->uri->path)]; > > Here the path part of the given URI is used without checking it for > NULL, this can cause a segfault as strlen expects a string != NULL. Heh, it's worse than that; there is a check later on for !conn || !conn->uri, so you are potentially de-referencing a NULL pointer. > Beside that uuid_db and connection_data leak in case of an error. > > In this line > > conn->uri->path = string; > > the original path of the URI leaks. The patch adds a VIR_FREE call > before setting the new path. > > The attached patch is compile-tested but I don't have a Power > Hypervisor installation at hand to test it for real. I also don't have a Power Hypervisor, but it looks sane enough to me. I'll say ACK, but it's probably a good idea to get someone who has Power to test it before you commit. -- Chris Lalancette -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list