On 09/21/2011 12:10 PM, ajia@xxxxxxxxxx wrote:
From: Alex Jia<ajia@xxxxxxxxxx> * src/locking/lock_driver_sanlock.c: in fact, virStrcpy calls virStrncpy(dest, src, strlen(src), destbytes) then return result, if 'path' is NULL, it means 'src' is also NULL, strlen(NULL) will dereference a NULL pointer, which probably causes a segmentation fault. Signed-off-by: Alex Jia<ajia@xxxxxxxxxx> --- src/locking/lock_driver_sanlock.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/locking/lock_driver_sanlock.c b/src/locking/lock_driver_sanlock.c index 2d72510..8c6d873 100644 --- a/src/locking/lock_driver_sanlock.c +++ b/src/locking/lock_driver_sanlock.c @@ -158,7 +158,7 @@ static int virLockManagerSanlockSetupLockspace(void) memcpy(ls.name, VIR_LOCK_MANAGER_SANLOCK_AUTO_DISK_LOCKSPACE, SANLK_NAME_LEN); ls.host_id = 0; /* Doesn't matter for initialization */ ls.flags = 0; - if (!virStrcpy(ls.host_id_disk.path, path, SANLK_PATH_LEN)) { + if (!path || !virStrcpy(ls.host_id_disk.path, path, SANLK_PATH_LEN)) { virLockError(VIR_ERR_INTERNAL_ERROR, _("Lockspace path '%s' exceeded %d characters"), path, SANLK_PATH_LEN);
NACK. The prior virAsprintf guarantees that path is non-NULL at this point. Rather, the real problem that Coverity is complaining about here is that the only way to get to the error_unlink: label is if path is already non-NULL, so that the 'if (path)' in that label is redundant.
-- Eric Blake eblake@xxxxxxxxxx +1-801-349-2682 Libvirt virtualization library http://libvirt.org -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list