From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> The virStoragePoolDefParseSource method would set def->nhosts before allocating def->hosts. If the allocation failed due to OOM, the cleanup code would crash accessing out of bounds. Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx> --- src/conf/storage_conf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c index 002663f..975e662 100644 --- a/src/conf/storage_conf.c +++ b/src/conf/storage_conf.c @@ -594,11 +594,11 @@ virStoragePoolDefParseSource(xmlXPathContextPtr ctxt, if ((n = virXPathNodeSet("./host", ctxt, &nodeset)) < 0) goto cleanup; - source->nhost = n; - if (source->nhost) { - if (VIR_ALLOC_N(source->hosts, source->nhost) < 0) + if (n) { + if (VIR_ALLOC_N(source->hosts, n) < 0) goto cleanup; + source->nhost = n; for (i = 0; i < source->nhost; i++) { name = virXMLPropString(nodeset[i], "name"); -- 1.8.3.1
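
Review bot: with the assignment moved inside `if (n)`, `source->nhost` is no longer written at all when `n` is 0, so the empty case now depends on `source` having been zero-initialised by the caller. That is not visible in this hunk, so please confirm it or keep an explicit `source->nhost = 0` on that path. The ordering itself (set `source->nhost = n` only after `VIR_ALLOC_N(source->hosts, n)` succeeds) is the right invariant for the cleanup path: the count must never exceed the number of allocated elements. One thing to check on the rest of the loop, which is cut off here: a `goto cleanup` part-way through the `for` leaves `nhost == n` with only the first `i` entries filled, so cleanup must tolerate unset members in the remaining entries. Minor: the commit message refers to `def->nhosts` and `def->hosts`, while the code changes `source->nhost` and `source->hosts`; aligning the names would make the log easier to search.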