Jim Meyering wrote:
> This looks like a real bug.
>
>>From 170af3320e68a0ac2cfe854fba28abe0e4040d2c Mon Sep 17 00:00:00 2001
> From: Jim Meyering <meyering@xxxxxxxxxx>
> Date: Thu, 3 Sep 2009 11:24:44 +0200
> Subject: [PATCH] openvz_conf.c: don't use undefined local, "net"
>
> * src/openvz_conf.c (openvzReadNetworkConf): Upon openvzRead... failure,
> simply return -1, rather than "goto error;" where an uninitialized
> "net" could be dereferenced.
> ---
> src/openvz_conf.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/src/openvz_conf.c b/src/openvz_conf.c
> index a172fe3..b1cb31a 100644
> --- a/src/openvz_conf.c
> +++ b/src/openvz_conf.c
> @@ -197,7 +197,7 @@ openvzReadNetworkConf(virConnectPtr conn,
> openvzError(conn, VIR_ERR_INTERNAL_ERROR,
> _("Could not read 'IP_ADDRESS' from config for container %d"),
> veid);
> - goto error;
> + return -1;
> } else if (ret > 0) {
> token = strtok_r(temp, " ", &saveptr);
> while (token != NULL) {
When I reran the tool, there was still a potential NULL-deref,
so I propose to do this instead:
>From d120f7693f1ae0e213bd9e8b244968b49dfe1427 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@xxxxxxxxxx>
Date: Thu, 3 Sep 2009 12:33:11 +0200
Subject: [PATCH] openvz_conf.c: don't use undefined local, "net"
* src/openvz_conf.c (openvzReadNetworkConf): Initialize "net".
Otherwise, upon openvzRead... failure, we would "goto error;"
where an uninitialized "net" could be dereferenced.
---
src/openvz_conf.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/openvz_conf.c b/src/openvz_conf.c
index a172fe3..41c6684 100644
--- a/src/openvz_conf.c
+++ b/src/openvz_conf.c
@@ -183,7 +183,7 @@ openvzReadNetworkConf(virConnectPtr conn,
virDomainDefPtr def,
int veid) {
int ret;
- virDomainNetDefPtr net;
+ virDomainNetDefPtr net = NULL;
char temp[4096];
char *token, *saveptr = NULL;
--
1.6.4.2.395.ge3d52
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list