On 05/03/2011 10:47 AM, Daniel P. Berrange wrote: > On Tue, May 03, 2011 at 09:46:15AM -0600, Eric Blake wrote: >> This code has had problems historically. As originally >> written, in commit 6bcf2501 (Jun 08), it could call unlink >> on a random string, nuking an unrelated file. >> >> Then commit 182a80b9 (Sep 09), the code was rewritten to >> allocate tmp, with both a use-after-free bug and a chance to >> call unlink(NULL). >> >> Commit e206946 (Mar 11) fixed the use-after-free, but not the >> NULL dereference. Thanks to clang for catching this! >> >> * src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Don't call >> unlink on NULL. >> cleanup: >> VIR_FORCE_CLOSE(fd); >> - unlink (tmp); >> + if (tmp) >> + unlink (tmp); > > Could loose the extra space there after function name too [The editor in me pauses for an English lesson: s/loose/lose/. Admittedly, English is stupid, but if you remember that 'loose' always rhymes with 'goose', then you know when to 'use' 'lose'.] Done > >> VIR_FREE(tmp); >> if (vm) >> virDomainObjUnlock(vm); > > ACK and pushed. -- Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 Libvirt virtualization library http://libvirt.org
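Review bot: in the cleanup block, the new `if (tmp)` guard only covers the NULL case; it does not show that tmp names a file this function actually created. The commit message notes that an earlier version of this code could unlink an unrelated file, so it is worth confirming that every path reaching `cleanup:` with a non-NULL tmp has already created the temporary file. Where creation can fail after tmp is allocated, free tmp on that path so the guard skips the unlink. A one-line comment above the guard saying when tmp can be NULL would also help the next reader of this label.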
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list