On Tue, May 14, 2019 at 5:04 PM Michal Privoznik <mprivozn@xxxxxxxxxx> wrote: > > On 5/14/19 12:50 PM, Ilias Stamatis wrote: > > On Tue, May 14, 2019 at 12:40 PM John Ferlan <jferlan@xxxxxxxxxx> wrote: > >> > >> > >> > >> On 5/13/19 9:04 AM, Ilias Stamatis wrote: > >>> On Mon, May 13, 2019 at 2:38 PM Michal Privoznik <mprivozn@xxxxxxxxxx> wrote: > >>>> > >>>> On 5/13/19 1:26 AM, Ilias Stamatis wrote: > >>>>> Return the number of disks present in the configuration of the test > >>>>> domain when called with @errors as NULL and @maxerrors as 0. > >>>>> > >>>>> Otherwise report an error for every second disk, assigning available > >>>>> error codes in a cyclic order. > >>>>> > >>>>> Signed-off-by: Ilias Stamatis <stamatis.iliass@xxxxxxxxx> > >>>>> --- > >>>>> src/test/test_driver.c | 42 ++++++++++++++++++++++++++++++++++++++++++ > >>>>> 1 file changed, 42 insertions(+) > >>>>> > >>>>> diff --git a/src/test/test_driver.c b/src/test/test_driver.c > >>>>> index a06d1fc402..527c2f5d3b 100644 > >>>>> --- a/src/test/test_driver.c > >>>>> +++ b/src/test/test_driver.c 
> >>>>> @@ -3046,6 +3046,47 @@ static int testDomainSetAutostart(virDomainPtr domain, > >>>>> return 0; > >>>>> } > >>>>> > >>>>> +static int testDomainGetDiskErrors(virDomainPtr dom, > >>>>> + virDomainDiskErrorPtr errors, > >>>>> + unsigned int maxerrors, > >>>>> + unsigned int flags) > >>>>> +{ > >> > >> [...] > >> > >>>>> + n++; > >>>>> + } > >>>>> + ret = n; > >>>>> + } > >>>>> + > >>>>> + cleanup: > >>>>> + virDomainObjEndAPI(&vm); > >>>>> + if (ret < 0) { > >>>>> + for (i = 0; i < n; i++) > >>>>> + VIR_FREE(errors[i].disk); > >>>>> + } > >> > >> The above got changed to : > >> > >> + cleanup: > >> + virDomainObjEndAPI(&vm); > >> + if (ret < 0) { > >> + for (i = 0; i < MIN(vm->def->ndisks, maxerrors); i++) > >> + VIR_FREE(errors[i].disk); > >> + } > > > > I think this change is incorrect and a bug lies in here. > > > > If VIR_STRDUP fails above, memory for less than MIN(vm->def->ndisks, > > maxerrors) will have been allocated, and then in the cleanup code > > we'll call VIR_FREE with pointers that haven't been previously > > allocated. > > That isn't a problem. User has to passed an array that we can touch. If > they store some data in it, well, their fault - how are we supposed to > return anything if we can't touch the array? I'm not sure I understand exactly what you mean. We can touch the array of course. What I'm saying is that we allocate memory with VIR_STRDUP for each errors[i].disk, but if the call fails we free this memory on our own. However how it is implemented now we might call VIR_FREE on pointers for which we have *not* allocated any memory. Because in the first loop, VIR_STRDUP might fail and send us to "cleanup". But then on cleanup we iterate over the whole errors array. Isn't this incorrect? Do I understand something wrong? > > > > >> > >> and Coverity got a wee bit grumpy for a couple of reasons... 
> >>
> >> - The virDomainObjEndAPI will set @vm = NULL which makes the MIN
> >>   statement quite unhappy if ret < 0
> >> - However, just moving that to after the if condition isn't good
> >>   enough since the testDomObjFromDomain could cause us to jump to
> >>   cleanup: with @vm = NULL (easily solved by return -1 there instead).
>
> Yep, I'll be posting a patch soon.
>
> Michal

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
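Review bot: In the revised cleanup block, the loop bound MIN(vm->def->ndisks, maxerrors) is evaluated after virDomainObjEndAPI(&vm). As noted in the thread, that call leaves vm NULL, so every ret < 0 path dereferences a NULL pointer. The same bound also covers entries the function never filled: if VIR_STRDUP fails partway, VIR_FREE(errors[i].disk) runs on slots that still hold whatever the caller passed in. The body is elided here, so these lines do not show whether errors[] is cleared before the fill loop. Suggest keeping the original bound, for (i = 0; i < n; i++), which frees only what this function allocated and does not touch vm. Alternatively, zero the first MIN(ndisks, maxerrors) entries before filling and capture the bound in a local before virDomainObjEndAPI(&vm). Either way, the testDomObjFromDomain failure should return -1 directly instead of jumping to cleanup with vm unset.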