On Wed, Jul 04, 2012 at 13:30:52 +0200, Peter Krempa wrote:
> On 07/04/12 12:23, Peter Krempa wrote:
> > In vshSnapshotListCollect() vshCalloc was called with swapped nmemb and
> > size argument. This caused division by zero in xalloc_oversized as the
> > macro doesn't expect size to be zero.
> > ---
> > tools/virsh.c | 4 ++--
> > 1 files changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/tools/virsh.c b/tools/virsh.c
> > index 53d1825..25ed177 100644
> > --- a/tools/virsh.c
> > +++ b/tools/virsh.c
> > @@ -17200,8 +17200,8 @@ vshSnapshotListCollect(vshControl *ctl, virDomainPtr dom,
> > if (count >= 0) {
> > /* When mixing --from and --tree, we also want a copy of from
> > * in the list, but with no parent for that one entry. */
> > - snaplist->snaps = vshCalloc(ctl, sizeof(*snaplist->snaps),
> > - count + (tree && from));
> > + snaplist->snaps = vshCalloc(ctl, pcount + (tree && from),
>
> Actualy, here's a typo: I'll squash in s/pcount/count/.
>
> > + sizeof(*snaplist->snaps));
> > snaplist->nsnaps = count;
> > for (i = 0; i < count; i++)
> > snaplist->snaps[i].snap = snaps[i];
ACK
Jirka
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list