On Fri, Jul 09, 2021 at 15:43:06 +0200, Tim Wiederhake wrote:
> `virThreadPoolNewFull` may call `virThreadPoolExpand` with `prioWorkers` = 0.
Could you elaborate in which situations this happens?
> This causes `virThreadPoolExpand` to call `VIR_EXPAND_N` on a null pointer
> and an increment of zero. The zero increment triggers `virReallocN` to not
> actually allocate any memory and leave the pointer NULL, which, eventually,
> causes `memset(NULL, 0, 0)` to be called in `virExpandN`.
>
> `memset` is declared `__attribute__ ((__nonnull__ 1))`, which triggers the
> following warning when libvirt is compiled with address sanitizing enabled:
>
> src/util/viralloc.c:82:5: runtime error: null pointer passed as
> argument 1, which is declared to never be null
>
> Signed-off-by: Tim Wiederhake <twiederh@xxxxxxxxxx>
> ---
> src/util/virthreadpool.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/src/util/virthreadpool.c b/src/util/virthreadpool.c
> index 9ddd86a679..c9d2a17ff4 100644
> --- a/src/util/virthreadpool.c
> +++ b/src/util/virthreadpool.c
> @@ -179,6 +179,9 @@ virThreadPoolExpand(virThreadPool *pool, size_t gain, bool priority)
> size_t i = 0;
> struct virThreadPoolWorkerData *data = NULL;
>
> + if (gain == 0)
> + return 0;
IMO this is fixing a symptom rather than a root cause unless you justify
it.
> +
> VIR_EXPAND_N(*workers, *curWorkers, gain);
>
> for (i = 0; i < gain; i++) {
> --
> 2.31.1
>
