On 03/15/2011 06:32 AM, Daniel P. Berrange wrote:
> The virCommandNewArgs() method would free the virCommandPtr
> if it failed to add the args. This meant errors reported in
> virCommandAddArgSet() were lost. Simply removing the check
> for errors from the constructor means they can be reported
> correctly later
>
> The virCommandAddEnvPassCommon() method failed to check for
> errors before reallocating the cmd->env array, causing a
> potential SEGV if cmd was NULL
>
> The virCommandAddArgSet() method needs to validate that at
> least 1 element in 'val's parameter is non-NULL, otherwise
> code like
>
>     cmd = virCommandNew(binary)
>     virCommandAddArg(cmd, "foo")
>
> Would end up trying to do execve("foo"), if binary was
> NULL.

Well, technically virCommandNew is ATTRIBUTE_NONNULL(1), so we would
have caught this via clang (gcc's not quite as smart as clang at
enforcing that parameter). But it doesn't hurt to be safe.

> ---
> src/util/command.c | 13 ++++++++-----
> 1 files changed, 8 insertions(+), 5 deletions(-)

ACK to all three cleanups.

--
Eric Blake eblake@xxxxxxxxxx +1-801-349-2682
Libvirt virtualization library http://libvirt.org

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
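
The deferred-error handling described in the quoted commit message, as an added example that is not part of the original mail and is not libvirt's code. The `toy_cmd` type and its functions are hypothetical: a NULL binary marks the command as failed, so a later argument can never end up as the path passed to execve().

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical miniature of a command builder; not libvirt's virCommand. */
typedef struct {
    int has_error;   /* sticky flag: set by any failed builder call */
    size_t nargs;    /* entries in args, not counting the NULL terminator */
    char **args;     /* NULL-terminated argv; args[0] is the binary */
} toy_cmd;

void toy_cmd_add_arg(toy_cmd *cmd, const char *val)
{
    char *copy, **tmp;
    /* Check cmd and the sticky error before touching cmd->args. */
    if (!cmd || cmd->has_error)
        return;
    tmp = val ? realloc(cmd->args, (cmd->nargs + 2) * sizeof(*tmp)) : NULL;
    copy = tmp ? malloc(strlen(val) + 1) : NULL;
    if (tmp)
        cmd->args = tmp;
    if (!copy) {                 /* NULL val or allocation failure */
        cmd->has_error = 1;
        return;
    }
    strcpy(copy, val);
    cmd->args[cmd->nargs++] = copy;
    cmd->args[cmd->nargs] = NULL;
}

/* A bad binary is recorded, not freed away, so it can be reported at run time. */
toy_cmd *toy_cmd_new(const char *binary)
{
    toy_cmd *cmd = calloc(1, sizeof(*cmd));
    toy_cmd_add_arg(cmd, binary);
    return cmd;
}

/* Path that would be handed to execve(), or NULL if any step failed. */
const char *toy_cmd_exec_path(const toy_cmd *cmd)
{
    return (!cmd || cmd->has_error || cmd->nargs == 0) ? NULL : cmd->args[0];
}

void toy_cmd_free(toy_cmd *cmd)
{
    while (cmd && cmd->nargs > 0)
        free(cmd->args[--cmd->nargs]);
    if (cmd)
        free(cmd->args);
    free(cmd);
}
```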