The first statement in this function tests for freeFunc == NULL,
and if that's true, it does "goto failure" where it
proceeds to call through that NULL function pointer:
if (list == NULL || *list != NULL ||
castFromAnyTypeFunc == NULL || freeFunc == NULL) {
ESX_VI_ERROR(conn, VIR_ERR_INTERNAL_ERROR, "Invalid argument");
return -1;
}
...
failure:
freeFunc(&item);
freeFunc(list);
>From 97c5e9c87eb99d881ee84c4f09bb943f3410d3b1 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@xxxxxxxxxx>
Date: Tue, 15 Dec 2009 19:22:31 +0100
Subject: [PATCH] esx_vi.c: avoid NULL deref for invalid inputs
* src/esx/esx_vi.c (esxVI_List_CastFromAnyType): For invalid
inputs, fail right away. Do not "goto failure" where a NULL
input pointer would be dereferenced.
---
src/esx/esx_vi.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/esx/esx_vi.c b/src/esx/esx_vi.c
index 5725b2f..1138e8c 100644
--- a/src/esx/esx_vi.c
+++ b/src/esx/esx_vi.c
@@ -935,7 +935,7 @@ esxVI_List_CastFromAnyType(virConnectPtr conn, esxVI_AnyType *anyType,
if (list == NULL || *list != NULL ||
castFromAnyTypeFunc == NULL || freeFunc == NULL) {
ESX_VI_ERROR(conn, VIR_ERR_INTERNAL_ERROR, "Invalid argument");
- goto failure;
+ return -1;
}
if (anyType == NULL) {
@@ -946,7 +946,7 @@ esxVI_List_CastFromAnyType(virConnectPtr conn, esxVI_AnyType *anyType,
ESX_VI_ERROR(conn, VIR_ERR_INTERNAL_ERROR,
"Expecting type to begin with 'ArrayOf' but found '%s'",
anyType->other);
- goto failure;
+ return -1;
}
for (childNode = anyType->_node->xmlChildrenNode; childNode != NULL;
--
1.6.6.rc2.275.g51e2d
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list