On Thu, May 16, 2019 at 9:44 AM Michal Privoznik <mprivozn@xxxxxxxxxx> wrote: > > On 5/15/19 11:49 AM, Ilias Stamatis wrote: > > On Wed, May 15, 2019 at 10:14 AM Michal Privoznik <mprivozn@xxxxxxxxxx> wrote: > >> > >> On 5/14/19 5:24 PM, Ilias Stamatis wrote: > >>> On Tue, May 14, 2019 at 5:04 PM Michal Privoznik <mprivozn@xxxxxxxxxx> wrote: > >>>> > >>>> On 5/14/19 12:50 PM, Ilias Stamatis wrote: > >>>>> On Tue, May 14, 2019 at 12:40 PM John Ferlan <jferlan@xxxxxxxxxx> wrote: > >>>>>> > >>>>>> > >>>>>> > >>>>>> On 5/13/19 9:04 AM, Ilias Stamatis wrote: > >>>>>>> On Mon, May 13, 2019 at 2:38 PM Michal Privoznik <mprivozn@xxxxxxxxxx> wrote: > >>>>>>>> > >>>>>>>> On 5/13/19 1:26 AM, Ilias Stamatis wrote: > >>>>>>>>> Return the number of disks present in the configuration of the test > >>>>>>>>> domain when called with @errors as NULL and @maxerrors as 0. > >>>>>>>>> > >>>>>>>>> Otherwise report an error for every second disk, assigning available > >>>>>>>>> error codes in a cyclic order. > >>>>>>>>> > >>>>>>>>> Signed-off-by: Ilias Stamatis <stamatis.iliass@xxxxxxxxx> > >>>>>>>>> --- > >>>>>>>>> src/test/test_driver.c | 42 ++++++++++++++++++++++++++++++++++++++++++ > >>>>>>>>> 1 file changed, 42 insertions(+) > >>>>>>>>> > >>>>>>>>> diff --git a/src/test/test_driver.c b/src/test/test_driver.c > >>>>>>>>> index a06d1fc402..527c2f5d3b 100644 > >>>>>>>>> --- a/src/test/test_driver.c > >>>>>>>>> +++ b/src/test/test_driver.c 
> >>>>>>>>> @@ -3046,6 +3046,47 @@ static int testDomainSetAutostart(virDomainPtr domain, > >>>>>>>>> return 0; > >>>>>>>>> } > >>>>>>>>> > >>>>>>>>> +static int testDomainGetDiskErrors(virDomainPtr dom, > >>>>>>>>> + virDomainDiskErrorPtr errors, > >>>>>>>>> + unsigned int maxerrors, > >>>>>>>>> + unsigned int flags) > >>>>>>>>> +{ > >>>>>> > >>>>>> [...] > >>>>>> > >>>>>>>>> + n++; > >>>>>>>>> + } > >>>>>>>>> + ret = n; > >>>>>>>>> + } > >>>>>>>>> + > >>>>>>>>> + cleanup: > >>>>>>>>> + virDomainObjEndAPI(&vm); > >>>>>>>>> + if (ret < 0) { > >>>>>>>>> + for (i = 0; i < n; i++) > >>>>>>>>> + VIR_FREE(errors[i].disk); > >>>>>>>>> + } > >>>>>> > >>>>>> The above got changed to : > >>>>>> > >>>>>> + cleanup: > >>>>>> + virDomainObjEndAPI(&vm); > >>>>>> + if (ret < 0) { > >>>>>> + for (i = 0; i < MIN(vm->def->ndisks, maxerrors); i++) > >>>>>> + VIR_FREE(errors[i].disk); > >>>>>> + } > >>>>> > >>>>> I think this change is incorrect and a bug lies in here. > >>>>> > >>>>> If VIR_STRDUP fails above, memory for less than MIN(vm->def->ndisks, > >>>>> maxerrors) will have been allocated, and then in the cleanup code > >>>>> we'll call VIR_FREE with pointers that haven't been previously > >>>>> allocated. > >>>> > >>>> That isn't a problem. User has to passed an array that we can touch. If > >>>> they store some data in it, well, their fault - how are we supposed to > >>>> return anything if we can't touch the array? > >>> > >>> I'm not sure I understand exactly what you mean. > >>> > >>> We can touch the array of course. > >>> > >>> What I'm saying is that we allocate memory with VIR_STRDUP for each > >>> errors[i].disk, but if the call fails we free this memory on our own. > >>> > >>> However how it is implemented now we might call VIR_FREE on pointers > >>> for which we have *not* allocated any memory. > >>> > >>> Because in the first loop, VIR_STRDUP might fail and send us to > >>> "cleanup". But then on cleanup we iterate over the whole errors array. 
> >>>
> >>> Isn't this incorrect? Do I understand something wrong?
> >>
> >>
> >> Ah, now I get it. If user passes an array that is not zeroed out then we
> >> might end up passing a random pointer to free(). How about this then?
> >>
> >> if (ret < 0) {
> >>     while (i > 0)
> >>         VIR_FREE(errors[i--].disk);
> >> }
> >>
> >
> > Yes, this would work I think. And then the other changes in the
> > cleanup etc are not needed.
> >
> > Ie it can be again:
> >
> > if (!(vm = testDomObjFromDomain(dom)))
> >     goto cleanup;
> >
> > instead of "return -1" which is more consistent with the rest of the code.
>
> This is done in 1/2. Or what do you mean?

I meant that the previous change of returning -1 directly instead of
doing "goto cleanup" is not needed anymore. But of course it's fine
either way. Just with the goto, there will be only a single point of
exit.
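
Review bot: In the revised cleanup block, the loop bound MIN(vm->def->ndisks, maxerrors) covers slots the fill loop may never have reached, so when VIR_STRDUP fails partway and the caller's array was not zeroed, VIR_FREE(errors[i].disk) is handed uninitialized pointers. The originally posted bound, `for (i = 0; i < n; i++)`, frees only the entries counted by n++ and should be kept. The revised bound also reads vm->def after virDomainObjEndAPI(&vm), which takes the address of vm, drops the reference and clears the pointer, so that read would have to move before the call if the bound stayed. The count-down proposed later in the thread, `while (i > 0) VIR_FREE(errors[i--].disk);`, starts at index i and stops before index 0, so it does not free the same set of entries as the n-bounded loop.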