On Wed, Jan 06, 2021 at 15:32:30 -0600, Ryan Gahagan wrote:
> Signed-off-by: Ryan Gahagan <rgahagan@xxxxxxxxxxxxx>
> ---
> src/qemu/qemu_block.c | 67 +++++++++++++++++++++++++++++++++++++++-
> src/qemu/qemu_domain.c | 70 ++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 136 insertions(+), 1 deletion(-)
>
> diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
> index b224a550f3..cef2f7d050 100644
> --- a/src/qemu/qemu_block.c
> +++ b/src/qemu/qemu_block.c
[...]
> @@ -674,6 +697,38 @@ qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr src,
> }
>
>
> +static virJSONValuePtr
> +qemuBlockStorageSourceGetNFSProps(virStorageSourcePtr src)
> +{
> + g_autoptr(virJSONValue) server = NULL;
> + virJSONValuePtr ret = NULL;
> +
> + if (!(server = qemuBlockStorageSourceBuildJSONNFSServer(&src->hosts[0])))
> + return NULL;
> +
> + /* NFS disk specification example:
> + * { driver:"nfs",
> + * user: "0",
> + * group: "0",
> + * path: "/foo/bar/baz",
> + * server: {type:"tcp", host:"1.2.3.4"}}
> + */
> + ignore_value(virJSONValueObjectCreate(&ret,
> + "a:server", &server,
> + "S:path", src->path, NULL));
Not checking return here means that 'ret' can still be NULL after this call ...
> +
> + if (src->nfs_uid != -1 &&
> + virJSONValueObjectAdd(ret, "i:user", src->nfs_uid, NULL) < 0)
and virJSONValueObjectAdd does not check if the first argument is non-NULL and dereferences it always, thus this can lead to a crash. I'll add the check of return value before pushing.