Re: [PATCH] esx: Fix a potential crash

Matthias Bolte <matthias.bolte@xxxxxxxxxxxxxx> · Tue, 12 Jul 2011 11:50:31 +0200

2011/7/12 Osier Yang <jyang@xxxxxxxxxx>:
> 于 2011年07月12日 16:58, Daniel Veillard 写道:
>>
>> On Tue, Jul 12, 2011 at 05:05:16PM +0800, Osier Yang wrote:
>>>
>>> Initialize ptr data.datastorePathWithoutFileName as NULL, otherwise
>>> it might cause crash when trying to free it in cleanup.
>>>
>>> ---
>>>  src/esx/esx_driver.c |    1 +
>>>  1 files changed, 1 insertions(+), 0 deletions(-)
>>>
>>> diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
>>> index ddb8c23..ae614a6 100644
>>> --- a/src/esx/esx_driver.c
>>> +++ b/src/esx/esx_driver.c
>>> @@ -2698,6 +2698,7 @@ esxDomainGetXMLDesc(virDomainPtr domain, unsigned
>>> int flags)
>>>      char *vmx = NULL;
>>>      virVMXContext ctx;
>>>      esxVMX_Data data;
>>> +    data.datastorePathWithoutFileName = NULL;
>>>      virDomainDefPtr def = NULL;
>>>      char *xml = NULL;
>>
>> ACK,
>>
>> Daniel
>>
> Thanks, applied
>
> Osier

Yes, this fixes the problem.

I'd like to propose this more general approach here.

-- 
Matthias Bolte
http://photron.blogspot.com
From 556aa276640a8d562e953209e611747f62fd6713 Mon Sep 17 00:00:00 2001
From: Matthias Bolte <matthias.bolte@xxxxxxxxxxxxxx>
Date: Tue, 12 Jul 2011 11:34:55 +0200
Subject: [PATCH] esx: Initialize all instances of esxVMX_Data to zero

To avoid using or freeing uninitialized memory or pointers.
---
 src/esx/esx_driver.c |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
index ae614a6..4643a32 100644
--- a/src/esx/esx_driver.c
+++ b/src/esx/esx_driver.c
@@ -2698,10 +2698,11 @@ esxDomainGetXMLDesc(virDomainPtr domain, unsigned int flags)
     char *vmx = NULL;
     virVMXContext ctx;
     esxVMX_Data data;
-    data.datastorePathWithoutFileName = NULL;
     virDomainDefPtr def = NULL;
     char *xml = NULL;
 
+    memset(&data, 0, sizeof (data));
+
     if (esxVI_EnsureSession(priv->primary) < 0) {
         return NULL;
     }
@@ -2805,6 +2806,8 @@ esxDomainXMLFromNative(virConnectPtr conn, const char *nativeFormat,
     virDomainDefPtr def = NULL;
     char *xml = NULL;
 
+    memset(&data, 0, sizeof (data));
+
     if (STRNEQ(nativeFormat, "vmware-vmx")) {
         ESX_ERROR(VIR_ERR_INVALID_ARG,
                   _("Unsupported config format '%s'"), nativeFormat);
@@ -2844,6 +2847,8 @@ esxDomainXMLToNative(virConnectPtr conn, const char *nativeFormat,
     virDomainDefPtr def = NULL;
     char *vmx = NULL;
 
+    memset(&data, 0, sizeof (data));
+
     if (STRNEQ(nativeFormat, "vmware-vmx")) {
         ESX_ERROR(VIR_ERR_INVALID_ARG,
                   _("Unsupported config format '%s'"), nativeFormat);
@@ -3066,6 +3071,8 @@ esxDomainDefineXML(virConnectPtr conn, const char *xml)
     char *taskInfoErrorMessage = NULL;
     virDomainPtr domain = NULL;
 
+    memset(&data, 0, sizeof (data));
+
     if (esxVI_EnsureSession(priv->primary) < 0) {
         return NULL;
     }
-- 
1.7.4.1

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



