Daniel P. Berrange wrote:
On Thu, Aug 21, 2008 at 11:20:28PM -0400, Cole Robinson wrote:
> The cdrom eject code was trying to dereference the
> NULL source of an empty cdrom. Attached patch fixes
> this.
> @@ -2972,6 +2973,13 @@ static int qemudDomainChangeCDROM(virDomainPtr dom,
> }
> VIR_FREE(safe_path);
>
> + newsrc = strdup(newdisk->src);
> + if (!newsrc) {
> + qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
> + "%s", _("out of memory"));
> + return -1;
> + }
>
Rather than dup'ing the string here and having to deal with OOM...
> +
> } else if (asprintf(&cmd, "eject cdrom") == -1) {
> qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
> "%s", _("out of memory"));
> @@ -2982,11 +2990,17 @@ static int qemudDomainChangeCDROM(virDomainPtr dom,
> qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
> "%s", _("cannot change cdrom media"));
> VIR_FREE(cmd);
> + VIR_FREE(newsrc);
> return -1;
> }
> VIR_FREE(reply);
> VIR_FREE(cmd);
> - strcpy(olddisk->src, newdisk->src);
> +
> + VIR_FREE(olddisk->src);
> + if (newsrc) {
> + olddisk->src = newsrc;
> + newsrc = NULL;
> + }
>
Just do
VIR_FREE(olddisk->src);
olddisk->src = newdisk->src;
newdisk->src = NULL;
Daniel
Whoops, yeah. I certainly overcomplicated that.
Updated patch attached.
Thanks,
Cole
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 06fbe55..21fd468 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -2986,7 +2986,10 @@ static int qemudDomainChangeCDROM(virDomainPtr dom,
}
VIR_FREE(reply);
VIR_FREE(cmd);
- strcpy(olddisk->src, newdisk->src);
+
+ VIR_FREE(olddisk->src);
+ olddisk->src = newdisk->src;
+ newdisk->src = NULL;
olddisk->type = newdisk->type;
return 0;
}
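Review bot: The pointer steal at `olddisk->src = newdisk->src; newdisk->src = NULL;` transfers ownership of the path string without saying so. qemudDomainChangeCDROM starts outside this hunk and its callers are not visible, so it cannot be confirmed here that whatever frees newdisk tolerates a NULL src. A comment above the three lines would record the contract, for example `/* Take ownership of newdisk->src; newdisk keeps a NULL src and is still freed by the caller */`. After an eject, olddisk->src is now legitimately NULL, so any other reader of olddisk->src (status output, XML formatting, a later media change) should be checked for NULL handling. The removed `strcpy(olddisk->src, newdisk->src)` also wrote into a buffer that was presumably allocated for the old path, so a longer new path would have overrun the heap allocation; if that reading is right, the commit message should describe this as a memory-safety fix and not only a NULL dereference, so it is considered for backporting.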