10:20 a.m.
Commit '18b14012' refactored the Xen code resulting in a Coverity
warning about possible NULL reference if the path where the XM driver
takes puts the def on it's list. Moved/duplicated the virGetDomain()
call to pacify the possible NULL deref.
NOTE: I did ping Dan B, but he is away, so rather than wait or take
the chance this ends up in the upcoming release, I made the change.
---
src/xen/xen_driver.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index cc6e486..9eab3fc 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -1658,13 +1658,14 @@ xenUnifiedDomainDefineXML(virConnectPtr conn, const char *xml)
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
if (xenXMDomainDefineXML(conn, def) < 0)
goto cleanup;
+ ret = virGetDomain(conn, def->name, def->uuid);
def = NULL; /* XM driver owns it now */
} else {
if (xenDaemonDomainDefineXML(conn, def) < 0)
goto cleanup;
+ ret = virGetDomain(conn, def->name, def->uuid);
}
- ret = virGetDomain(conn, def->name, def->uuid);
if (ret)
ret->id = -1;
--
1.8.1.4
4:22 p.m.
On 05/23/2013 09:20 AM, John Ferlan wrote:
Commit '18b14012' refactored the Xen code resulting in a
Coverity
warning about possible NULL reference if the path where the XM driver
takes puts the def on it's list. Moved/duplicated the virGetDomain()
call to pacify the possible NULL deref.
NOTE: I did ping Dan B, but he is away, so rather than wait or take
the chance this ends up in the upcoming release, I made the change.
Drop the NOTE when committing (it has bearing on the review, but not on
the patch contents, so it would have fit better after the ---).
---
src/xen/xen_driver.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index cc6e486..9eab3fc 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -1658,13 +1658,14 @@ xenUnifiedDomainDefineXML(virConnectPtr conn, const char *xml)
if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
if (xenXMDomainDefineXML(conn, def) < 0)
goto cleanup;
+ ret = virGetDomain(conn, def->name, def->uuid);
def = NULL; /* XM driver owns it now */
} else {
if (xenDaemonDomainDefineXML(conn, def) < 0)
goto cleanup;
+ ret = virGetDomain(conn, def->name, def->uuid);
}
- ret = virGetDomain(conn, def->name, def->uuid);
ACK; definite use-after-free fixup.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
6:24 p.m.
On 05/23/2013 05:22 PM, Eric Blake wrote:
On 05/23/2013 09:20 AM, John Ferlan wrote:
> Commit '18b14012' refactored the Xen code resulting in a Coverity
> warning about possible NULL reference if the path where the XM driver
> takes puts the def on it's list. Moved/duplicated the virGetDomain()
> call to pacify the possible NULL deref.
>
> NOTE: I did ping Dan B, but he is away, so rather than wait or take
> the chance this ends up in the upcoming release, I made the change.
Drop the NOTE when committing (it has bearing on the review, but not on
the patch contents, so it would have fit better after the ---).
Right - I forgot about the '---' thing. It wasn't part of the original
commit message...
>
> ---
> src/xen/xen_driver.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
> index cc6e486..9eab3fc 100644
> --- a/src/xen/xen_driver.c
> +++ b/src/xen/xen_driver.c
> @@ -1658,13 +1658,14 @@ xenUnifiedDomainDefineXML(virConnectPtr conn, const char
*xml)
> if (priv->xendConfigVersion < XEND_CONFIG_VERSION_3_0_4) {
> if (xenXMDomainDefineXML(conn, def) < 0)
> goto cleanup;
> + ret = virGetDomain(conn, def->name, def->uuid);
> def = NULL; /* XM driver owns it now */
> } else {
> if (xenDaemonDomainDefineXML(conn, def) < 0)
> goto cleanup;
> + ret = virGetDomain(conn, def->name, def->uuid);
> }
>
> - ret = virGetDomain(conn, def->name, def->uuid);
ACK; definite use-after-free fixup.
Thanks, pushed.
John
4201
days inactive
4201
days old
2 comments
2 participants
participants (2)
-
Eric Blake -
John Ferlan