Re: [libvirt] [PATCH v2] test_driver: implement virDomainGetDiskErrors

On Tue, May 14, 2019 at 5:04 PM Michal Privoznik <mprivozn(a)redhat.com&gt; wrote: > > On 5/14/19 12:50 PM, Ilias Stamatis wrote: >> On Tue, May 14, 2019 at 12:40 PM John Ferlan <jferlan(a)redhat.com&gt; wrote: >>> >>> >>> >>> On 5/13/19 9:04 AM, Ilias Stamatis wrote: >>>> On Mon, May 13, 2019 at 2:38 PM Michal Privoznik <mprivozn(a)redhat.com&gt; wrote: >>>>> >>>>> On 5/13/19 1:26 AM, Ilias Stamatis wrote: >>>>>> Return the number of disks present in the configuration of the test >>>>>> domain when called with @errors as NULL and @maxerrors as 0. >>>>>> >>>>>> Otherwise report an error for every second disk, assigning available >>>>>> error codes in a cyclic order. >>>>>> >>>>>> Signed-off-by: Ilias Stamatis <stamatis.iliass(a)gmail.com&gt; >>>>>> --- >>>>>> src/test/test_driver.c | 42 ++++++++++++++++++++++++++++++++++++++++++ >>>>>> 1 file changed, 42 insertions(+) >>>>>> >>>>>> diff --git a/src/test/test_driver.c b/src/test/test_driver.c >>>>>> index a06d1fc402..527c2f5d3b 100644 >>>>>> --- a/src/test/test_driver.c >>>>>> +++ b/src/test/test_driver.c >>>>>> @@ -3046,6 +3046,47 @@ static int testDomainSetAutostart(virDomainPtr domain, >>>>>> return 0; >>>>>> } >>>>>> >>>>>> +static int testDomainGetDiskErrors(virDomainPtr dom, >>>>>> + virDomainDiskErrorPtr errors, >>>>>> + unsigned int maxerrors, >>>>>> + unsigned int flags) >>>>>> +{ >>> >>> [...] >>> >>>>>> + n++; >>>>>> + } >>>>>> + ret = n; >>>>>> + } >>>>>> + >>>>>> + cleanup: >>>>>> + virDomainObjEndAPI(&vm); >>>>>> + if (ret < 0) { >>>>>> + for (i = 0; i < n; i++) >>>>>> + VIR_FREE(errors[i].disk); >>>>>> + } >>> >>> The above got changed to : >>> >>> + cleanup: >>> + virDomainObjEndAPI(&vm); >>> + if (ret < 0) { >>> + for (i = 0; i < MIN(vm->def->ndisks, maxerrors); i++) >>> + VIR_FREE(errors[i].disk); >>> + } >> >> I think this change is incorrect and a bug lies in here. >> >> If VIR_STRDUP fails above, memory for less than MIN(vm->def->ndisks, >> maxerrors) will have been allocated, and then in the cleanup code >> we'll call VIR_FREE with pointers that haven't been previously >> allocated. > > That isn't a problem. User has to passed an array that we can touch. If > they store some data in it, well, their fault - how are we supposed to > return anything if we can't touch the array? I'm not sure I understand exactly what you mean. We can touch the array of course. What I'm saying is that we allocate memory with VIR_STRDUP for each errors[i].disk, but if the call fails we free this memory on our own. However how it is implemented now we might call VIR_FREE on pointers for which we have *not* allocated any memory. Because in the first loop, VIR_STRDUP might fail and send us to "cleanup". But then on cleanup we iterate over the whole errors array. Isn't this incorrect? Do I understand something wrong?