Re: [libvirt] [PATCH] vbox: Fix segfault on empty device source

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/22/2010 02:40 PM, Matthias Bolte wrote:
> <source file=''/> results in def->disks[i]->src == NULL. But
> vboxDomainDefineXML didn't check def->disks[i]->src for NULL
> and expected it to be a valid string.
> 
> Add checks for def->disks[i]->src != NULL to fix the segfault.

ACK, but did you catch all the places?  For example,

> @@ -3519,7 +3519,8 @@ static virDomainPtr vboxDomainDefineXML(virConnectPtr conn, const char *xml) {
>                  DEBUG("disk(%d) shared:     %s", i, def->disks[i]->shared ? "True" : "False");
>  
>                  if (def->disks[i]->device == VIR_DOMAIN_DISK_DEVICE_CDROM) {
> -                    if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_FILE) {
> +                    if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_FILE &&
> +                        def->disks[i]->src != NULL) {
>                          IDVDDrive *dvdDrive = NULL;
>                          /* Currently CDROM/DVD Drive is always IDE
>                           * Secondary Master so neglecting the following
> @@ -3801,7 +3802,8 @@ static virDomainPtr vboxDomainDefineXML(virConnectPtr conn, const char *xml) {

in between these two line ranges, I see a usage at line 3591 under
def->disks[i]->device==VIR_DOMAIN_DISK_TYPE_DISK that seems like it
could be vulnerable to the same problem.

-- 
Eric Blake   eblake@xxxxxxxxxx    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]