[libvirt] [PATCH 6/3] qemu: avoid null deref on block pull error

Coverity detected that 5 of 6 callers of virJSONValueArrayGet checked for a NULL return; and that by not checking we risk a null deref during an error. The error is unlikely since the prior call to virJSONValueArraySize would probably have already caught any botched JSON array parse, but better safe than sorry. * src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockJobInfo): Check for NULL. (qemuMonitorJSONExtractPtyPaths): Fix typo. --- src/qemu/qemu_monitor_json.c | 9 +++++++-- 1 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index b7a6a12..2a9a078 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -1018,7 +1018,7 @@ qemuMonitorJSONExtractCPUInfo(virJSONValuePtr reply, int thread; if (!entry) { qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("character device information was missing aray element")); + _("character device information was missing array element")); goto cleanup; } @@ -2266,7 +2266,7 @@ static int qemuMonitorJSONExtractPtyPaths(virJSONValuePtr reply, const char *id; if (!entry) { qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("character device information was missing aray element")); + _("character device information was missing array element")); goto cleanup; } @@ -2855,6 +2855,11 @@ static int qemuMonitorJSONGetBlockJobInfo(virJSONValuePtr reply, for (i = 0; i < nr_results; i++) { virJSONValuePtr entry = virJSONValueArrayGet(data, i); + if (!entry) { + qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("missing array element")); + return -1; + } if (qemuMonitorJSONGetBlockJobInfoOne(entry, device, info) == 0) return 1; } -- 1.7.4.4