[libvirt] [PATCH] udev: Don't let strtoul parse USB busnum and devnum as octal
by Matthias Bolte
udevGetUintProperty was called with base set to 0 for busnum and devnum.
With base 0 strtoul parses the number as octal if it start with a 0. But
busnum and devnum are decimal and udev returns them padded with leading
zeros. So strtoul parses them as octal. This works for certain decimal
values like 001-007, but fails for values like 008.
Change udevProcessUSBDevice to use base 10 for busnum and devnum.
---
src/node_device/node_device_udev.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
index 734f3f7..0c0f29a 100644
--- a/src/node_device/node_device_udev.c
+++ b/src/node_device/node_device_udev.c
@@ -500,14 +500,14 @@ static int udevProcessUSBDevice(struct udev_device *device,
if (udevGetUintProperty(device,
"BUSNUM",
&data->usb_dev.bus,
- 0) == PROPERTY_ERROR) {
+ 10) == PROPERTY_ERROR) {
goto out;
}
if (udevGetUintProperty(device,
"DEVNUM",
&data->usb_dev.device,
- 0) == PROPERTY_ERROR) {
+ 10) == PROPERTY_ERROR) {
goto out;
}
--
1.6.3.3
15 years, 2 months
[libvirt] [PATCH] libvirtd.c: avoid closing a negative socket file descriptor
by Jim Meyering
A lot like the last one...
>From e32826290b960790b0ec4f50b195f424fa42348f Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 2 Feb 2010 11:27:25 +0100
Subject: [PATCH] libvirtd.c: avoid closing a negative socket file descriptor
* daemon/libvirtd.c (qemudListenUnix): Close socket only if non-negative.
---
daemon/libvirtd.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index 3070dfc..f7df0c6 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -1,7 +1,7 @@
/*
* libvirtd.c: daemon start of day, guest process & i/o management
*
- * Copyright (C) 2006, 2007, 2008, 2009 Red Hat, Inc.
+ * Copyright (C) 2006-2010, 2010 Red Hat, Inc.
* Copyright (C) 2006 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
@@ -582,7 +582,7 @@ static int qemudListenUnix(struct qemud_server *server,
return 0;
cleanup:
- if (sock->fd)
+ if (0 <= sock->fd)
close(sock->fd);
VIR_FREE(sock);
return -1;
--
1.7.0.rc1.149.g0b0b7
15 years, 2 months
[libvirt] [PATCH] lxc_controller.c: don't ignore failed "accept"
by Jim Meyering
coverity complained (rightly) about the risk of closing a negative
file descriptor. However, the real problem was the missing test
for a failed "accept" call. I'm not 100% sure that a failed
accept call deserves to provoke a "goto cleanup", but doing that
is consistent with what the nearby code does upon epoll_ctl failure.
>From 8bfd81f0a8a9cb3fd9b575e9c2f5ab9969a2910f Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 2 Feb 2010 11:55:19 +0100
Subject: [PATCH] lxc_controller.c: don't ignore failed "accept"
* src/lxc/lxc_controller.c (lxcControllerMain): A failed accept could
lead to passing a negative file descriptor to various other functions,
which would in turn report EBADF, rather that whatever error prompted
the initial failure.
---
src/lxc/lxc_controller.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 6304815..682f874 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -349,6 +349,11 @@ static int lxcControllerMain(int monitor,
if (numEvents > 0) {
if (epollEvent.data.fd == monitor) {
int fd = accept(monitor, NULL, 0);
+ if (fd < 0) {
+ virReportSystemError(NULL, errno, "%s",
+ _("accept(monitor,...) failed"));
+ goto cleanup;
+ }
if (client != -1) { /* Already connected, so kick new one out */
close(fd);
continue;
--
1.7.0.rc1.149.g0b0b7
15 years, 2 months
[libvirt] [PATCH] storage_backend.c: avoid closing a negative file descriptor
by Jim Meyering
This close(fd) is reachable with an "fd" of -1 via
the "goto cleanup" just before &fd is first set.
While closing(-1) is not a big problem, it is a failing
syscall, and would show up on an strace audit, not to mention
the coverity and maybe-clang warnings.
>From c69369c445be53f12ec09a176fd477b9ff16bbff Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 2 Feb 2010 11:11:49 +0100
Subject: [PATCH] storage_backend.c: avoid closing a negative file descriptor
* src/storage/storage_backend.c (virStorageBackendRunProgRegex):
Don't close a negative (read-only) file descriptor.
---
src/storage/storage_backend.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index bc656f2..84eb8aa 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -1,7 +1,7 @@
/*
* storage_backend.c: internal storage driver backend contract
*
- * Copyright (C) 2007-2009 Red Hat, Inc.
+ * Copyright (C) 2007-2010 Red Hat, Inc.
* Copyright (C) 2007-2008 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
@@ -1326,8 +1326,10 @@ virStorageBackendRunProgRegex(virConnectPtr conn,
if (list)
fclose(list);
- else
- close(fd);
+ else {
+ if (0 <= fd)
+ close(fd);
+ }
while ((err = waitpid(child, &exitstatus, 0) == -1) && errno == EINTR);
--
1.7.0.rc1.149.g0b0b7
15 years, 2 months
[libvirt] [PATCH] avoid a probable EINVAL from lseek
by Jim Meyering
In src/qemu/qemu_driver.c, coverity reports this:
Event negative_return_fn: Called negative-returning function "lseek(logfile, 0L, 2)"
Event var_assign: NEGATIVE return value of "lseek" assigned to signed variable "pos"
At conditional (1): "(pos = lseek(logfile, 0L, 2)) < 0" taking true path
2877 if ((pos = lseek(logfile, 0, SEEK_END)) < 0)
2878 VIR_WARN(_("Unable to seek to end of logfile: %s"),
2879 virStrerror(errno, ebuf, sizeof ebuf));
since later in that same function, a negative "pos" may
be used like this:
Event negative_returns: Tracked variable "pos" was passed to a negative sink. [details]
2930 if (qemudWaitForMonitor(conn, driver, vm, pos) < 0)
2931 goto abort;
2932
which is a legitimate problem, since
qemudWaitForMonitor calls qemudLogReadFD, which calls lseek
with that same "pos" value:
Event neg_sink_parm_call: Parameter "pos" passed to negative sink "lseek"
560 if (lseek(fd, pos, SEEK_SET) < 0) {
561 virReportSystemError(conn, errno,
562 _("Unable to seek to %lld in %s"),
563 (long long) pos, logfile);
564 close(fd);
565 }
One approach is to detect the negative offset in that final bit
of code and skip the lseek:
>From 0ef617935462c314ed0b44bcaa3dd5bf58ccbc1b Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Mon, 1 Feb 2010 22:17:44 +0100
Subject: [PATCH] avoid a probable EINVAL from lseek
* src/qemu/qemu_driver.c (qemudLogReadFD): Don't pass a negative
offset (from a preceding failed attempt to seek to EOF) to this use
of lseek.
---
src/qemu/qemu_driver.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 22593bf..676a27b 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -558,8 +558,8 @@ qemudLogReadFD(virConnectPtr conn, const char* logDir, const char* name, off_t p
close(fd);
return -1;
}
- if (lseek(fd, pos, SEEK_SET) < 0) {
- virReportSystemError(conn, errno,
+ if (pos < 0 || lseek(fd, pos, SEEK_SET) < 0) {
+ virReportSystemError(conn, pos < 0 ? 0 : errno,
_("Unable to seek to %lld in %s"),
(long long) pos, logfile);
close(fd);
--
1.7.0.rc1.149.g0b0b7
15 years, 2 months
[libvirt] [PATCH] util.c (two more): don't use a negative value as allocation size
by Jim Meyering
This change is nearly identical to one I made last week.
I inspected all remaining sysconf uses, and they seem to be ok.
>From 77add8762c5d00db11bb588b7ea0c9e00975c183 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Mon, 1 Feb 2010 21:45:06 +0100
Subject: [PATCH] util.c (two more): don't use a negative value as allocation size
* src/util/util.c (virGetUserID, virGetGroupID): In the unlikely event
that sysconf(_SC_GETPW_R_SIZE_MAX) fails, don't use -1 as the size in
the subsequent allocation.
---
src/util/util.c | 16 ++++++++++++++--
1 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/util/util.c b/src/util/util.c
index 3c200d3..cf1290d 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -2388,11 +2388,17 @@ int virGetUserID(virConnectPtr conn,
uid_t *uid)
{
char *strbuf;
struct passwd pwbuf;
struct passwd *pw = NULL;
- size_t strbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ long val = sysconf(_SC_GETPW_R_SIZE_MAX);
+ size_t strbuflen = val;
+
+ if (val < 0) {
+ virReportSystemError(conn, errno, "%s", _("sysconf failed"));
+ return -1;
+ }
if (VIR_ALLOC_N(strbuf, strbuflen) < 0) {
virReportOOMError(conn);
return -1;
}
@@ -2425,11 +2431,17 @@ int virGetGroupID(virConnectPtr conn,
gid_t *gid)
{
char *strbuf;
struct group grbuf;
struct group *gr = NULL;
- size_t strbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+ long val = sysconf(_SC_GETGR_R_SIZE_MAX);
+ size_t strbuflen = val;
+
+ if (val < 0) {
+ virReportSystemError(conn, errno, "%s", _("sysconf failed"));
+ return -1;
+ }
if (VIR_ALLOC_N(strbuf, strbuflen) < 0) {
virReportOOMError(conn);
return -1;
}
--
1.7.0.rc1.149.g0b0b7
15 years, 2 months
[libvirt] virt-manager network properties
by C.J. Adams-Collier
Hey Dan, list,
It seems to me that virt-manager could do with more information about
the virtual network devices, the DHCP leases on them, maybe a view of
the arp table, etc.
To this end, I've abused Dan's .glade file a bit and put some stub code
in virtManger/host.py
Could I get some comments and some recommendations for next steps? It's
been a while since I've done any glade'ing...
Cheers,
C.J.
15 years, 2 months
[libvirt] [PATCH] qemu_monitor_json.c: avoid many unconditional leaks
by Jim Meyering
Actually, the preceding patch fixed only the one leak that had been
introduced in the last month or so. Looking at the many other functions
that do the same sort of thing (call qemuMonitorJSONMakeCommand, and
later virJSONValueFree), I saw that they all had exactly the same leak.
So this amended patch fixes all of them:
>From 28f820354dcae9950cad042ea78a893fd9475830 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Wed, 27 Jan 2010 09:58:12 +0100
Subject: [PATCH] qemu_monitor_json.c: avoid many unconditional leaks
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONAttachDrive):
Don't leak the buffer behind a virJSONValuePtr.
(qemuMonitorJSONStartCPUs): Likewise.
(qemuMonitorJSONStopCPUs, qemuMonitorJSONSystemPowerdown): Likewise.
(qemuMonitorJSONGetCPUInfo, qemuMonitorJSONGetBalloonInfo): Likewise.
(qemuMonitorJSONGetBlockStatsInfo): Likewise.
(qemuMonitorJSONSetVNCPassword): Likewise.
(qemuMonitorJSONSetBalloon, qemuMonitorJSONEjectMedia): Likewise.
(qemuMonitorJSONChangeMedia, qemuMonitorJSONSaveMemory): Likewise.
(qemuMonitorJSONSetMigrationSpeed): Likewise.
(qemuMonitorJSONGetMigrationStatus, qemuMonitorJSONMigrate): Likewise.
(qemuMonitorJSONMigrateCancel, qemuMonitorJSONAddUSB): Likewise.
(qemuMonitorJSONAddPCIHostDevice, qemuMonitorJSONAddPCIDisk): Likewise.
(qemuMonitorJSONAddPCINetwork, qemuMonitorJSONRemovePCIDevice): Likewise.
(qemuMonitorJSONSendFileHandle): Likewise.
(qemuMonitorJSONCloseFileHandle): Likewise.
(qemuMonitorJSONAddHostNetwork): Likewise.
(qemuMonitorJSONRemoveHostNetwork): Likewise.
(qemuMonitorJSONGetPtyPaths): Likewise.
(qemuMonitorJSONAttachPCIDiskController): Likewise.
---
src/qemu/qemu_monitor_json.c | 27 +++++++++++++++++++++++++++
1 files changed, 27 insertions(+), 0 deletions(-)
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 8e88c7e..b6c3449 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -492,6 +492,7 @@ qemuMonitorJSONStartCPUs(qemuMonitorPtr mon,
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -512,6 +513,7 @@ qemuMonitorJSONStopCPUs(qemuMonitorPtr mon)
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -531,6 +533,7 @@ int qemuMonitorJSONSystemPowerdown(qemuMonitorPtr mon)
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -637,6 +640,7 @@ int qemuMonitorJSONGetCPUInfo(qemuMonitorPtr mon,
ret = qemuMonitorJSONExtractCPUInfo(reply, pids);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -696,6 +700,7 @@ int qemuMonitorJSONGetBalloonInfo(qemuMonitorPtr mon,
cleanup:
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -800,6 +805,7 @@ int qemuMonitorJSONGetBlockStatsInfo(qemuMonitorPtr mon,
cleanup:
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -824,6 +830,7 @@ int qemuMonitorJSONSetVNCPassword(qemuMonitorPtr mon,
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -861,6 +868,7 @@ int qemuMonitorJSONSetBalloon(qemuMonitorPtr mon,
cleanup:
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -884,6 +892,7 @@ int qemuMonitorJSONEjectMedia(qemuMonitorPtr mon,
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -918,6 +927,7 @@ int qemuMonitorJSONChangeMedia(qemuMonitorPtr mon,
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -945,6 +955,7 @@ static int qemuMonitorJSONSaveMemory(qemuMonitorPtr mon,
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -991,6 +1002,7 @@ int qemuMonitorJSONSetMigrationSpeed(qemuMonitorPtr mon,
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -1084,6 +1096,7 @@ int qemuMonitorJSONGetMigrationStatus(qemuMonitorPtr mon,
ret = -1;
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -1109,6 +1122,7 @@ static int qemuMonitorJSONMigrate(qemuMonitorPtr mon,
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -1206,6 +1220,7 @@ int qemuMonitorJSONMigrateCancel(qemuMonitorPtr mon)
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -1229,6 +1244,7 @@ static int qemuMonitorJSONAddUSB(qemuMonitorPtr mon,
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -1369,6 +1385,7 @@ int qemuMonitorJSONAddPCIHostDevice(qemuMonitorPtr mon,
ret = -1;
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -1410,6 +1427,7 @@ int qemuMonitorJSONAddPCIDisk(qemuMonitorPtr mon,
ret = -1;
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -1442,6 +1460,7 @@ int qemuMonitorJSONAddPCINetwork(qemuMonitorPtr mon,
ret = -1;
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -1475,6 +1494,7 @@ int qemuMonitorJSONRemovePCIDevice(qemuMonitorPtr mon,
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -1498,6 +1518,7 @@ int qemuMonitorJSONSendFileHandle(qemuMonitorPtr mon,
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -1520,6 +1541,7 @@ int qemuMonitorJSONCloseFileHandle(qemuMonitorPtr mon,
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -1542,6 +1564,7 @@ int qemuMonitorJSONAddHostNetwork(qemuMonitorPtr mon,
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -1566,6 +1589,7 @@ int qemuMonitorJSONRemoveHostNetwork(qemuMonitorPtr mon,
ret = qemuMonitorJSONCheckError(cmd, reply);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -1665,6 +1689,7 @@ int qemuMonitorJSONGetPtyPaths(qemuMonitorPtr mon,
ret = qemuMonitorJSONExtractPtyPaths(reply, paths);
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -1705,6 +1730,7 @@ int qemuMonitorJSONAttachPCIDiskController(qemuMonitorPtr mon,
ret = -1;
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
@@ -1773,6 +1799,7 @@ int qemuMonitorJSONAttachDrive(qemuMonitorPtr mon,
ret = -1;
virJSONValueFree(cmd);
+ VIR_FREE(cmd);
virJSONValueFree(reply);
return ret;
}
--
1.7.0.rc0.140.gfbe7
15 years, 2 months
[libvirt] [PATCH] avoid format-related warnings
by Jim Meyering
FYI, more of these. No need to review.
I'll push shortly.
>From 4cd188d4d5e4ffebdc026dee9179d2a97c02d3f5 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Mon, 1 Feb 2010 18:25:23 +0100
Subject: [PATCH] avoid format-related warnings
* src/qemu/qemu_monitor_text.c (qemuMonitorTextGetAllPCIAddresses):
Use %s.
* src/storage/storage_backend_iscsi.c (virStorageBackendCreateIfaceIQN):
Likewise.
* tools/virsh.c (cmdSecretSetValue): Likewise.
---
src/qemu/qemu_monitor_text.c | 2 +-
src/storage/storage_backend_iscsi.c | 4 ++--
tools/virsh.c | 4 ++--
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/qemu/qemu_monitor_text.c b/src/qemu/qemu_monitor_text.c
index 380bcdc..44111e1 100644
--- a/src/qemu/qemu_monitor_text.c
+++ b/src/qemu/qemu_monitor_text.c
@@ -1959,7 +1959,7 @@ int qemuMonitorTextGetAllPCIAddresses(qemuMonitorPtr mon,
if (qemuMonitorCommand(mon, "info pci", &reply) < 0) {
qemudReportError(NULL, NULL, NULL, VIR_ERR_OPERATION_FAILED,
- _("cannot query PCI addresses"));
+ "%s", _("cannot query PCI addresses"));
return -1;
}
diff --git a/src/storage/storage_backend_iscsi.c b/src/storage/storage_backend_iscsi.c
index 5c657b4..0d3c7b1 100644
--- a/src/storage/storage_backend_iscsi.c
+++ b/src/storage/storage_backend_iscsi.c
@@ -1,7 +1,7 @@
/*
* storage_backend_iscsi.c: storage backend for iSCSI handling
*
- * Copyright (C) 2007-2008 Red Hat, Inc.
+ * Copyright (C) 2007-2008, 2010 Red Hat, Inc.
* Copyright (C) 2007-2008 Daniel P. Berrange
*
* This library is free software; you can redistribute it and/or
@@ -259,7 +259,7 @@ virStorageBackendCreateIfaceIQN(virConnectPtr conn,
char temp_ifacename[32];
if (virRandomInitialize(time(NULL) ^ getpid()) == -1) {
- virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR,
+ virStorageReportError(conn, VIR_ERR_INTERNAL_ERROR, "%s",
_("Failed to initialize random generator "
"when creating iscsi interface"));
goto out;
diff --git a/tools/virsh.c b/tools/virsh.c
index 1fae5e6..01d2038 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -1,7 +1,7 @@
/*
* virsh.c: a Xen shell used to exercise the libvirt API
*
- * Copyright (C) 2005, 2007-2009 Red Hat, Inc.
+ * Copyright (C) 2005, 2007-2010 Red Hat, Inc.
*
* See COPYING.LIB for the License of this software
*
@@ -5482,7 +5482,7 @@ cmdSecretSetValue(vshControl *ctl, const vshCmd *cmd)
goto cleanup;
if (!base64_decode_alloc(base64, strlen(base64), &value, &value_size)) {
- vshError(ctl, _("Invalid base64 data"));
+ vshError(ctl, "%s", _("Invalid base64 data"));
goto cleanup;
}
if (value == NULL) {
--
1.7.0.rc1.149.g0b0b7
15 years, 2 months
[libvirt] [PATCH] cpu_x86.c: avoid NULL-deref for invalid arguments
by Jim Meyering
Passing a NULL "models" pointer along with a
contradictory "nmodels >= 1" would cause a NULL-dereference.
An alternative to the fix below would be simply to guard
the NULL-derferencing strcmp with "if (models ...",
but that wouldn't tell the caller that they're passing
bogus arguments.
>From f57bd1fbe7a41b1b9d8ba1be61790e95b5060ddc Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 26 Jan 2010 19:58:48 +0100
Subject: [PATCH] cpu_x86.c: avoid NULL-deref for invalid arguments
* src/cpu/cpu_x86.c (x86Decode): Do not dereference NULL
when "models" is NULL and nmodels is 1 or greater.
---
src/cpu/cpu_x86.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
index dae7c90..47dc400 100644
--- a/src/cpu/cpu_x86.c
+++ b/src/cpu/cpu_x86.c
@@ -1,7 +1,7 @@
/*
* cpu_x86.c: CPU driver for CPUs with x86 compatible CPUID instruction
*
- * Copyright (C) 2009 Red Hat, Inc.
+ * Copyright (C) 2009-2010 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -954,6 +954,9 @@ x86Decode(virCPUDefPtr cpu,
if (data == NULL || (map = x86LoadMap()) == NULL)
return -1;
+ if (models == NULL && nmodels != 0)
+ return -1;
+
candidate = map->models;
while (candidate != NULL) {
bool allowed = (models == NULL);
--
1.7.0.rc0.140.gfbe7
15 years, 2 months
