On 06/01/2010 04:03 PM, Eric Blake wrote:
On 06/01/2010 01:10 PM, Cole Robinson wrote:
> If VM startup fails early enough (can't find a referenced USB device),
> libvirtd will crash trying to clear the VNC port bit, since port = 0,
> which overflows us out of the bitmap bounds.
>
> Fix this by being more defensive in the bitmap operations, and only
> clearing a previously set VNC port.
>
> +++ b/src/util/bitmap.c
> @@ -118,7 +118,7 @@ int virBitmapSetBit(virBitmapPtr bitmap, size_t b)
> */
> int virBitmapClearBit(virBitmapPtr bitmap, size_t b)
> {
> - if (b > bitmap->size - 1)
> + if (bitmap->size != 0 && b > bitmap->size - 1)
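Review bot: the two-clause guard `bitmap->size != 0 && b > bitmap->size - 1` is equivalent to the single comparison `if (b >= bitmap->size)` for the unsigned `b`, which also covers the empty-bitmap case without the `size - 1` underflow and reads as the intent (index must be below size). The same bounds check belongs in virBitmapSetBit, visible in the hunk header, and in the matching getter, since the original `b > bitmap->size - 1` form is wrong for size == 0 wherever it appears.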
I think this could use a v2: virBitmapSetBit and virBitmapGetBit should
get the same treatment for bounds checking.
Meanwhile, we already reject attempts to create a bitmap with SIZE_MAX
bits. Therefore, since b is unsigned, we can safely avoid the && and
instead do the computation via a single comparison:
    if (bitmap->size <= b)
        return -1;
For that matter, should virBitmapAlloc(0) return NULL, instead of its
current behavior of allocating an (empty) bitmap?
Thanks, simplified that check and applied it to the other bitmap
functions. Updated patch sent.
- Cole
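The underflow behind the crash, shown in a self-contained C program written for this thread rather than taken from libvirt: `bitmap_t`, `bitmap_alloc` and the `bitmap_*_bit` functions are a simplified stand-in for virBitmap and its accessors (names and layout are assumptions), `guard_passes_original` reproduces the pre-patch `b > size - 1` test, and `guard_passes_fixed` is the single `size <= b` comparison Eric proposes, applied to set, clear and get alike.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for virBitmap (constructed for this example, not
 * libvirt's struct): `size` usable bits backed by an array of unsigned long. */
typedef struct {
    size_t size;
    unsigned long *map;
} bitmap_t;

#define BITS_PER_WORD (sizeof(unsigned long) * CHAR_BIT)

/* Mirrors the behaviour discussed for virBitmapAlloc(0): an empty but
 * valid bitmap with no backing words. */
static bitmap_t *bitmap_alloc(size_t size)
{
    bitmap_t *bm = calloc(1, sizeof(*bm));
    if (!bm)
        return NULL;
    size_t words = (size + BITS_PER_WORD - 1) / BITS_PER_WORD;
    if (words) {
        bm->map = calloc(words, sizeof(*bm->map));
        if (!bm->map) {
            free(bm);
            return NULL;
        }
    }
    bm->size = size;
    return bm;
}

static void bitmap_free(bitmap_t *bm)
{
    if (bm) {
        free(bm->map);
        free(bm);
    }
}

/* Pre-patch guard: with size == 0, `size - 1` wraps to SIZE_MAX, so
 * `b > SIZE_MAX` is never true and every index (port = 0 included)
 * slips through to an out-of-bounds access. */
bool guard_passes_original(size_t size, size_t b)
{
    return !(b > size - 1);
}

/* Single unsigned comparison: correct for every b, including size == 0. */
bool guard_passes_fixed(size_t size, size_t b)
{
    return !(size <= b);
}

int bitmap_set_bit(bitmap_t *bm, size_t b)
{
    if (bm->size <= b)
        return -1;
    bm->map[b / BITS_PER_WORD] |= 1UL << (b % BITS_PER_WORD);
    return 0;
}

int bitmap_clear_bit(bitmap_t *bm, size_t b)
{
    if (bm->size <= b)
        return -1;
    bm->map[b / BITS_PER_WORD] &= ~(1UL << (b % BITS_PER_WORD));
    return 0;
}

int bitmap_get_bit(const bitmap_t *bm, size_t b, bool *result)
{
    if (bm->size <= b)
        return -1;
    *result = (bm->map[b / BITS_PER_WORD] >> (b % BITS_PER_WORD)) & 1UL;
    return 0;
}

/* Walks the VNC-port scenario from the thread on an empty bitmap and on a
 * small one; returns 0 if every bounds check behaved as expected. */
int demo_bounds(void)
{
    int rc = -1;
    bool bit = false;
    bitmap_t *empty = bitmap_alloc(0);
    bitmap_t *ports = bitmap_alloc(8);
    if (!empty || !ports)
        goto cleanup;
    /* Clearing port 0 on an empty bitmap must be rejected, not touch map[0]. */
    if (bitmap_clear_bit(empty, 0) != -1)
        goto cleanup;
    if (bitmap_set_bit(ports, 5) != 0 || bitmap_get_bit(ports, 5, &bit) != 0 || !bit)
        goto cleanup;
    if (bitmap_clear_bit(ports, 5) != 0 || bitmap_get_bit(ports, 5, &bit) != 0 || bit)
        goto cleanup;
    /* One past the end is rejected by all three operations. */
    if (bitmap_set_bit(ports, 8) != -1 || bitmap_clear_bit(ports, 8) != -1 ||
        bitmap_get_bit(ports, 8, &bit) != -1)
        goto cleanup;
    rc = 0;
cleanup:
    bitmap_free(empty);
    bitmap_free(ports);
    return rc;
}

int main(void)
{
    printf("original guard lets index 0 through on empty bitmap: %s\n",
           guard_passes_original(0, 0) ? "yes (bug)" : "no");
    printf("fixed guard lets index 0 through on empty bitmap: %s\n",
           guard_passes_fixed(0, 0) ? "yes" : "no");
    return demo_bounds() == 0 ? 0 : 1;
}
```

The point of `guard_passes_original(0, 0)` returning true is the whole bug: an unsigned `size - 1` with `size == 0` is not a negative number but the largest possible `size_t`, so an upper-bound check written that way silently disables itself for an empty bitmap.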