Coverity detected that 5 of 6 callers of virJSONValueArrayGet checked
for a NULL return; and that by not checking we risk a null deref
during an error. The error is unlikely since the prior call to
virJSONValueArraySize would probably have already caught any botched
JSON array parse, but better safe than sorry.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockJobInfo):
Check for NULL.
(qemuMonitorJSONExtractPtyPaths): Fix typo.
---
src/qemu/qemu_monitor_json.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index b7a6a12..2a9a078 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -1018,7 +1018,7 @@ qemuMonitorJSONExtractCPUInfo(virJSONValuePtr reply,
int thread;
if (!entry) {
qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("character device information was missing aray element"));
+ _("character device information was missing array element"));
goto cleanup;
}
@@ -2266,7 +2266,7 @@ static int qemuMonitorJSONExtractPtyPaths(virJSONValuePtr reply,
const char *id;
if (!entry) {
qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("character device information was missing aray element"));
+ _("character device information was missing array element"));
goto cleanup;
}
@@ -2855,6 +2855,11 @@ static int qemuMonitorJSONGetBlockJobInfo(virJSONValuePtr reply,
for (i = 0; i < nr_results; i++) {
virJSONValuePtr entry = virJSONValueArrayGet(data, i);
+ if (!entry) {
+ qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("missing array element"));
+ return -1;
+ }
if (qemuMonitorJSONGetBlockJobInfoOne(entry, device, info) == 0)
return 1;
}
--
1.7.4.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list