Jiri Denemark wrote:
>> Passing a NULL "models" pointer along with a
>> contradictory "nmodels >= 1" would cause a NULL-dereference.
>>
>> An alternative to the fix below would be simply to guard
>> the NULL-dereferencing strcmp with "if (models ...",
>> but that wouldn't tell the caller that they're passing
>> bogus arguments.
> ...
>> diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c >> index dae7c90..47dc400 100644 >> --- a/src/cpu/cpu_x86.c >> +++ b/src/cpu/cpu_x86.c >> @@ -1,7 +1,7 @@ >> /* >> * cpu_x86.c: CPU driver for CPUs with x86 compatible CPUID instruction >> * >> - * Copyright (C) 2009 Red Hat, Inc. >> + * Copyright (C) 2009-2010 Red Hat, Inc. >> * >> * This library is free software; you can redistribute it and/or >> * modify it under the terms of the GNU Lesser General Public >> @@ -954,6 +954,9 @@ x86Decode(virCPUDefPtr cpu, >> if (data == NULL || (map = x86LoadMap()) == NULL) >> return -1; >> >> + if (models == NULL && nmodels != 0) >> + return -1; >> +
>
> Hmm, this check introduces a possible memory leak, as it exits the function
> without freeing map. We could just move the check at the beginning of the
> function but since this is a private architecture specific implementation for
> cpuDecode, I'd rather move the check one level up to the arch independent
> entry point. A patch for that is attached.

BTW, I've just pushed this.
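
Review bot: in the x86Decode hunk, the new "return -1" runs after "(map = x86LoadMap())" has already succeeded, so this early exit leaves map allocated. Testing "models == NULL && nmodels != 0" ahead of the line that calls x86LoadMap(), or folding it into that condition before the x86LoadMap() term, rejects the bad arguments without acquiring anything that then has to be freed. The bare -1 also gives the caller no indication of which argument was rejected, so reporting an error at that point would better serve the stated goal of telling callers that they passed bogus arguments.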