Re: [libvirt] [PATCH] vbox: Fix segfault on empty device source
On 03/22/2010 02:40 PM, Matthias Bolte wrote:
<source file=''/> results in def->disks[i]->src
== NULL. But
vboxDomainDefineXML didn't check def->disks[i]->src for NULL
and expected it to be a valid string.
Add checks for def->disks[i]->src != NULL to fix the segfault.
ACK, but did you catch all the places? For example,
@@ -3519,7 +3519,8 @@ static virDomainPtr
vboxDomainDefineXML(virConnectPtr conn, const char *xml) {
DEBUG("disk(%d) shared: %s", i,
def->disks[i]->shared ? "True" : "False");
if (def->disks[i]->device == VIR_DOMAIN_DISK_DEVICE_CDROM) {
- if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_FILE) {
+ if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_FILE
&&
+ def->disks[i]->src != NULL) {
IDVDDrive *dvdDrive = NULL;
/* Currently CDROM/DVD Drive is always IDE
* Secondary Master so neglecting the following
@@ -3801,7 +3802,8 @@ static virDomainPtr vboxDomainDefineXML(virConnectPtr conn, const
char *xml) {
in between these two line ranges, I see a usage at line 3591 under
def->disks[i]->device==VIR_DOMAIN_DISK_TYPE_DISK that seems like it
could be vulnerable to the same problem.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 323 bytes)