On 07/04/12 12:23, Peter Krempa wrote:
In vshSnapshotListCollect() vshCalloc was called with swapped nmemb and
size argument. This caused division by zero in xalloc_oversized as the
macro doesn't expect size to be zero.
---
tools/virsh.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/virsh.c b/tools/virsh.c
index 53d1825..25ed177 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -17200,8 +17200,8 @@ vshSnapshotListCollect(vshControl *ctl, virDomainPtr dom,
if (count >= 0) {
/* When mixing --from and --tree, we also want a copy of from
* in the list, but with no parent for that one entry. */
- snaplist->snaps = vshCalloc(ctl, sizeof(*snaplist->snaps),
- count + (tree && from));
+ snaplist->snaps = vshCalloc(ctl, pcount + (tree && from),
Actualy, here's a typo: I'll squash in s/pcount/count/.
+ sizeof(*snaplist->snaps));
snaplist->nsnaps = count;
for (i = 0; i < count; i++)
snaplist->snaps[i].snap = snaps[i];
Peter
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list