On 03/22/2010 02:40 PM, Matthias Bolte wrote:
> <source file=''/> results in def->disks[i]->src == NULL. But
> vboxDomainDefineXML didn't check def->disks[i]->src for NULL
> and expected it to be a valid string.
>
> Add checks for def->disks[i]->src != NULL to fix the segfault.
ACK, but did you catch all the places? For example,
> @@ -3519,7 +3519,8 @@ static virDomainPtr vboxDomainDefineXML(virConnectPtr conn, const char *xml) {
> DEBUG("disk(%d) shared: %s", i, def->disks[i]->shared ? "True" : "False");
>
> if (def->disks[i]->device == VIR_DOMAIN_DISK_DEVICE_CDROM) {
> - if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_FILE) {
> + if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_FILE &&
> + def->disks[i]->src != NULL) {
> IDVDDrive *dvdDrive = NULL;
> /* Currently CDROM/DVD Drive is always IDE
> * Secondary Master so neglecting the following
> @@ -3801,7 +3802,8 @@ static virDomainPtr vboxDomainDefineXML(virConnectPtr conn, const char *xml) {
in between these two line ranges, I see a usage at line 3591 under
def->disks[i]->device==VIR_DOMAIN_DISK_TYPE_DISK that seems like it
could be vulnerable to the same problem.
--
Eric Blake eblake@xxxxxxxxxx +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list