Re: [PATCH] qemu: avoid null pointer dereference

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, May 03, 2011 at 09:46:15AM -0600, Eric Blake wrote:
> This code has had problems historically.  As originally
> written, in commit 6bcf2501 (Jun 08), it could call unlink
> on a random string, nuking an unrelated file.
> 
> Then commit 182a80b9 (Sep 09), the code was rewritten to
> allocate tmp, with both a use-after-free bug and a chance to
> call unlink(NULL).
> 
> Commit e206946 (Mar 11) fixed the use-after-free, but not the
> NULL dereference.  Thanks to clang for catching this!
> 
> * src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Don't call
> unlink on NULL.
> ---
>  src/qemu/qemu_driver.c |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)
> 
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 16d869d..3ee4720 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -5355,7 +5355,8 @@ endjob:
> 
>  cleanup:
>      VIR_FORCE_CLOSE(fd);
> -    unlink (tmp);
> +    if (tmp)
> +        unlink (tmp);

Could loose the extra space there after function name too

>      VIR_FREE(tmp);
>      if (vm)
>          virDomainObjUnlock(vm);

ACK

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]