On Wed, Apr 21, 2010 at 11:25:48AM -0600, Eric Blake wrote:
> On 04/21/2010 10:01 AM, Chris Lalancette wrote:
> >
> > +static void qemuDomainDefNamespaceFree(void *nsdata)
> > +{
> > + qemuDomainCmdlineDefPtr cmd = nsdata;
> > + int i;
>
> s/int/unsigned int/
>
> > +static int qemuDomainDefNamespaceParse(xmlDocPtr xml,
> > + xmlNodePtr root,
> > + xmlXPathContextPtr ctxt,
> > + void **data)
> > +{
> > + qemuDomainCmdlineDefPtr cmd = NULL;
> > + xmlNsPtr ns;
> > + xmlNodePtr *nodes = NULL;
> > + int n, i;
>
> n must be signed, but can i be unsigned?
>
> > +
> > +static int qemuDomainDefNamespaceFormatXML(virBufferPtr buf,
> > + void *nsdata)
> > +{
> > + qemuDomainCmdlineDefPtr cmd = nsdata;
> > + int i;
>
> unsigned
>
> > +
> > + if (cmd->num_extra || cmd->num_env)
> > + virBufferAddLit(buf, " <qemu:commandline>\n");
> > + for (i = 0; i < cmd->num_extra; i++)
> > + virBufferVSprintf(buf, " <qemu:arg>%s</qemu:arg>\n", cmd->extra[i]);
>
> Is there any chance that cmd->extra[i] might contain content that needs
> escaping before it is valid as XML?
Yes, this should use virBufferEscapeString() instead.
>
> > + for (i = 0; i < cmd->num_env; i++) {
> > + virBufferVSprintf(buf, " <qemu:env name='%s'", cmd->env_name[i]);
> > + if (cmd->env_value[i])
> > + virBufferVSprintf(buf, " value='%s'", cmd->env_value[i]);
>
> Likewise for env_value[i]? (I'm assuming that env_name[i] is immune,
> since it was parsed using virXPathString("string(./@name)",), which
> should have rejected strings not valid as environment variable names.)
Yep, likewise here
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list