On Wed, May 15, 2019 at 10:14:35 +0200, Michal Privoznik wrote: > On 5/14/19 5:24 PM, Ilias Stamatis wrote: > > On Tue, May 14, 2019 at 5:04 PM Michal Privoznik <mprivozn@xxxxxxxxxx> wrote: [...] > > Because in the first loop, VIR_STRDUP might fail and send us to > > "cleanup". But then on cleanup we iterate over the whole errors array. > > > > Isn't this incorrect? Do I understand something wrong? > > > Ah, now I get it. If user passes an array that is not zeroed out then we > might end up passing a random pointer to free(). How about this then? Why don't you just sanitize the user-passed memory first then?
Attachment:
signature.asc
Description: PGP signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
