On Tue, May 03, 2011 at 09:46:15AM -0600, Eric Blake wrote:
> This code has had problems historically. As originally
> written, in commit 6bcf2501 (Jun 08), it could call unlink
> on a random string, nuking an unrelated file.
>
> Then commit 182a80b9 (Sep 09), the code was rewritten to
> allocate tmp, with both a use-after-free bug and a chance to
> call unlink(NULL).
>
> Commit e206946 (Mar 11) fixed the use-after-free, but not the
> NULL dereference. Thanks to clang for catching this!
>
> * src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Don't call
> unlink on NULL.
> ---
> src/qemu/qemu_driver.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
> index 16d869d..3ee4720 100644
> --- a/src/qemu/qemu_driver.c
> +++ b/src/qemu/qemu_driver.c
> @@ -5355,7 +5355,8 @@ endjob:
>
> cleanup:
> VIR_FORCE_CLOSE(fd);
> - unlink (tmp);
> + if (tmp)
> + unlink (tmp);

Could lose the extra space there after function name too

> VIR_FREE(tmp);
> if (vm)
> virDomainObjUnlock(vm);

ACK

Daniel
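
Review bot: In the cleanup: hunk, the new `if (tmp)` guard only covers the case where tmp was never allocated; it does not establish that the file named by tmp was actually created. If tmp can be non-NULL on a path where creating the temporary file failed, `unlink (tmp);` would still run on a name this function does not own, which is the class of problem the commit message attributes to commit 6bcf2501. That is worth confirming against the allocation and file-creation code above this hunk, and handled either by freeing tmp on that failure path or by tracking creation separately. The return value of unlink is also ignored at this point; that is reasonable for best-effort cleanup, but a debug log on failure would help when a temporary file is left behind.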