Matthias Bolte wrote:
> 2009/8/20 Chris Lalancette <clalance@xxxxxxxxxx>:
>> Matthias Bolte wrote:
>>> Hi,
>>>
>>> I came across this line in the phypOpen function:
>>>
>>>   char string[strlen(conn->uri->path)];
>>>
>>> Here the path part of the given URI is used without checking it for
>>> NULL, this can cause a segfault as strlen expects a string != NULL.
>>> Besides that, uuid_db and connection_data leak in case of an error.
>>>
>>> In this line
>>>
>>>   conn->uri->path = string;
>>>
>>> the original path of the URI leaks. The patch adds a VIR_FREE call
>>> before setting the new path.
>>>
>>> The attached patch is compile-tested but I don't have a Power
>>> Hypervisor installation at hand to test it for real.
>> I've now committed this patch (with some slight munging to get it to apply to
>> recent libvirt.git).
>>
>> Thanks,
>> --
>> Chris Lalancette
>>
>
> Well, you should have applied version 2 of this patch, because version
> 1 was invalidated by changes to escape_specialcharacters(). It now
> takes a length argument, but string isn't an array anymore (but a char
> pointer), so sizeof(string) no longer does the right thing:
>
>   escape_specialcharacters(conn->uri->path, string, sizeof(string))
>
> I attached patch version 2 again.

Gah, sorry, I totally missed (or forgot about) that. I'll apply the incremental
diff, thanks.

--
Chris Lalancette
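The `sizeof(string)` pitfall discussed in this thread, as an added C example that is not part of the original messages or of libvirt's code. `bounded_copy`, `copy_path_buggy` and `copy_path_fixed` are hypothetical names, `bounded_copy` only stands in for a helper that takes a destination length, and the path value is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a helper that takes a destination length:
 * copies src into dst, returns -1 if dst (dstlen bytes) is too small. */
static int bounded_copy(const char *src, char *dst, size_t dstlen)
{
    size_t need = strlen(src) + 1;
    if (need > dstlen)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

/* Buggy pattern: once 'string' is a heap pointer, sizeof(string) is the
 * size of the pointer (typically 4 or 8), not of the allocation. */
int copy_path_buggy(const char *path)
{
    if (path == NULL)
        return -2;
    char *string = malloc(strlen(path) + 1);
    if (string == NULL)
        return -3;
    int rc = bounded_copy(path, string, sizeof(string));
    free(string);
    return rc;
}

/* Corrected pattern: check for NULL before strlen(), keep the allocation
 * size in a variable, pass that size, and free on every exit path. */
int copy_path_fixed(const char *path)
{
    if (path == NULL)
        return -2;
    size_t len = strlen(path) + 1;
    char *string = malloc(len);
    if (string == NULL)
        return -3;
    int rc = bounded_copy(path, string, len);
    free(string);
    return rc;
}

int main(void)
{
    const char *path = "/constructed/managed-system"; /* constructed sample */
    printf("buggy=%d fixed=%d\n", copy_path_buggy(path), copy_path_fixed(path));
    return 0;
}
```

The buggy variant still succeeds for inputs shorter than a pointer, which is why compile-testing or a short test path would not expose it.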