On Wed, May 15, 2019 at 10:14:35 +0200, Michal Privoznik wrote:
On 5/14/19 5:24 PM, Ilias Stamatis wrote:
> On Tue, May 14, 2019 at 5:04 PM Michal Privoznik <mprivozn(a)redhat.com> wrote:
[...]
> Because in the first loop, VIR_STRDUP might fail and send us to
> "cleanup". But then on cleanup we iterate over the whole errors array.
>
> Isn't this incorrect? Do I understand something wrong?
Ah, now I get it. If user passes an array that is not zeroed out then we
might end up passing a random pointer to free(). How about this then?
Why don't you just sanitize the user-passed memory first then?