
On 11/12/2013 06:29 PM, John Ferlan wrote:
Coverity discovered that the free(domain->os_info.fv.arch) and then usage later on during get_default_machine() and get_default_emulator() calls could result in using free()'d memory.
If the 'cu_get_str_prop() failed or capsinfo == NULL, then the fv.arch wouldn't necessarily be strdup()'d.
Passing a NULL os_info.fv_arch into the get*() API's is fine since they'll call findDomainInfo() which can handle a NULL arch value.
Also added an initialization of val just to be safe. I don't think it's necessary though.
--- NOTE:
I found this during a Coverity run applying the endianness patches. For some reason Coverity "woke up" and saw this even though it hasn't found this issue in a couple months of runs since the changes to this module were made. See commit id '117dabb9'.
src/Virt_VirtualSystemManagementService.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
I'm going to revisit this as part of a larger set of Coverity patches. I've updated to Coverity 7.0 and there's 27 "issues" (although some in the same module). Once they are pushed maybe we can go with another release. John