On 5/14/19 5:24 PM, Ilias Stamatis wrote:
On Tue, May 14, 2019 at 5:04 PM Michal Privoznik <mprivozn(a)redhat.com> wrote:
>
> On 5/14/19 12:50 PM, Ilias Stamatis wrote:
>> On Tue, May 14, 2019 at 12:40 PM John Ferlan <jferlan(a)redhat.com> wrote:
>>>
>>>
>>>
>>> On 5/13/19 9:04 AM, Ilias Stamatis wrote:
>>>>> On Mon, May 13, 2019 at 2:38 PM Michal Privoznik <mprivozn(a)redhat.com> wrote:
>>>>>
>>>>> On 5/13/19 1:26 AM, Ilias Stamatis wrote:
>>>>>> Return the number of disks present in the configuration of the test
>>>>>> domain when called with @errors as NULL and @maxerrors as 0.
>>>>>>
>>>>>> Otherwise report an error for every second disk, assigning available
>>>>>> error codes in a cyclic order.
>>>>>>
>>>>>> Signed-off-by: Ilias Stamatis <stamatis.iliass(a)gmail.com>
>>>>>> ---
>>>>>> src/test/test_driver.c | 42 ++++++++++++++++++++++++++++++++++++++++++
>>>>>> 1 file changed, 42 insertions(+)
>>>>>>
>>>>>> diff --git a/src/test/test_driver.c b/src/test/test_driver.c
>>>>>> index a06d1fc402..527c2f5d3b 100644
>>>>>> --- a/src/test/test_driver.c
>>>>>> +++ b/src/test/test_driver.c
>>>>>> @@ -3046,6 +3046,47 @@ static int
testDomainSetAutostart(virDomainPtr domain,
>>>>>> return 0;
>>>>>> }
>>>>>>
>>>>>> +static int testDomainGetDiskErrors(virDomainPtr dom,
>>>>>> + virDomainDiskErrorPtr
errors,
>>>>>> + unsigned int maxerrors,
>>>>>> + unsigned int flags)
>>>>>> +{
>>>
>>> [...]
>>>
>>>>>> + n++;
>>>>>> + }
>>>>>> + ret = n;
>>>>>> + }
>>>>>> +
>>>>>> + cleanup:
>>>>>> + virDomainObjEndAPI(&vm);
>>>>>> + if (ret < 0) {
>>>>>> + for (i = 0; i < n; i++)
>>>>>> + VIR_FREE(errors[i].disk);
>>>>>> + }
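Review bot: the cleanup at the end of this hunk runs `for (i = 0; i < n; i++) VIR_FREE(errors[i].disk);` whenever ret < 0 without checking that errors is non-NULL, while the commit message says the function is also called with @errors NULL and @maxerrors 0 to count disks; either make sure n stays 0 on every error path in that mode or guard the loop with `if (ret < 0 && errors)`. The `i < n` bound itself is the right one, as n is only incremented for records that have already been filled.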
>>>
>>> The above got changed to:
>>>
>>> + cleanup:
>>> + virDomainObjEndAPI(&vm);
>>> + if (ret < 0) {
>>> + for (i = 0; i < MIN(vm->def->ndisks, maxerrors); i++)
>>> + VIR_FREE(errors[i].disk);
>>> + }
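Review bot: in this rewritten cleanup the bound `MIN(vm->def->ndisks, maxerrors)` is evaluated on the line after `virDomainObjEndAPI(&vm)`, which unrefs the domain object and sets vm to NULL, so every error path dereferences a NULL pointer before it frees anything; keep the original `i < n` bound (it also avoids freeing entries the loop never filled when VIR_STRDUP fails part-way), or at the very least compute the bound before ending the API call.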
>>
>> I think this change is incorrect and a bug lies in here.
>>
>> If VIR_STRDUP fails above, memory for less than MIN(vm->def->ndisks,
>> maxerrors) will have been allocated, and then in the cleanup code
>> we'll call VIR_FREE with pointers that haven't been previously
>> allocated.
>
> That isn't a problem. The user has to pass an array that we can touch. If
> they store some data in it, well, their fault - how are we supposed to
> return anything if we can't touch the array?
I'm not sure I understand exactly what you mean.
We can touch the array, of course.

What I'm saying is that we allocate memory with VIR_STRDUP for each
errors[i].disk, but if the call fails we free this memory on our own.
However, the way it is implemented now, we might call VIR_FREE on pointers
for which we have *not* allocated any memory.

Because in the first loop, VIR_STRDUP might fail and send us to
"cleanup". But then on cleanup we iterate over the whole errors array.

Isn't this incorrect? Do I understand something wrong?

Ah, now I get it. If the user passes an array that is not zeroed out then we
might end up passing a random pointer to free(). How about this then?

    if (ret < 0) {
        while (i > 0)
            VIR_FREE(errors[--i].disk); /* i = number of entries filled so far */
    }

Michal
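The unwinding the two of us are arguing about, as an added example that is not libvirt code: a caller-supplied array that may still hold stale pointers is filled with copied disk names, a constructed hook makes the copy of one record fail, and cleanup frees only the records this function itself filled, rather than everything up to MIN(ndisks, maxerrors). The names disk_error, fill_disk_errors, dup_name, check_unwind and fail_at are mine, and a plain array of names stands in for vm->def->disks.

```c
#include <stdlib.h>
#include <string.h>
typedef struct { char *disk; } disk_error;   /* cf. virDomainDiskError */
static int fail_at = -1;   /* constructed hook: copy of record fail_at fails */

static char *dup_name(const char *s)   /* strdup, minus the feature macro */
{
    char *d = malloc(strlen(s) + 1);
    return d ? strcpy(d, s) : NULL;
}

/* Fill one record per disk name; NULL errors with maxerrors 0 only counts.
 * Returns the count filled, or -1 after freeing only what we allocated. */
int fill_disk_errors(disk_error *errors, unsigned maxerrors,
                     const char **names, unsigned ndisks)
{
    unsigned i, n = 0;
    int ret = -1;
    if (!errors && maxerrors == 0)
        return (int)ndisks;
    for (i = 0; i < ndisks && n < maxerrors; i++) {
        errors[n].disk = ((int)n == fail_at) ? NULL : dup_name(names[i]);
        if (!errors[n].disk)
            goto cleanup;          /* records 0..n-1 are ours, n is NULL */
        n++;
    }
    ret = (int)n;
 cleanup:
    if (ret < 0) {
        /* Unwind only our own records, never the caller's stale pointers. */
        while (n > 0) {
            free(errors[--n].disk);
            errors[n].disk = NULL;
        }
    }
    return ret;
}

/* Fail at record 1 over a non-zeroed array; 1 if only records 0 and 1 changed. */
int check_unwind(void)
{
    const char *names[] = { "vda", "vdb", "vdc" };
    char garbage;
    disk_error errs[3] = { { &garbage }, { &garbage }, { &garbage } };
    int ret;
    fail_at = 1;
    ret = fill_disk_errors(errs, 3, names, 3);
    fail_at = -1;
    return ret == -1 && !errs[0].disk && !errs[1].disk && errs[2].disk == &garbage;
}
```

With the MIN(ndisks, maxerrors) bound in place of `while (n > 0)`, the same run would pass the caller's `&garbage` in record 2 to free().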