On Thu, Aug 21, 2008 at 11:20:28PM -0400, Cole Robinson wrote:
The cdrom eject code was trying to dereference the NULL source of an empty cdrom. Attached patch fixes this. @@ -2972,6 +2973,13 @@ static int qemudDomainChangeCDROM(virDomainPtr dom, } VIR_FREE(safe_path);
+ newsrc = strdup(newdisk->src); + if (!newsrc) { + qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + "%s", _("out of memory")); + return -1; + }
Rather than dup'ing the string here and having to deal with OOM...
+ } else if (asprintf(&cmd, "eject cdrom") == -1) { qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED, "%s", _("out of memory")); @@ -2982,11 +2990,17 @@ static int qemudDomainChangeCDROM(virDomainPtr dom, qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED, "%s", _("cannot change cdrom media")); VIR_FREE(cmd); + VIR_FREE(newsrc); return -1; } VIR_FREE(reply); VIR_FREE(cmd); - strcpy(olddisk->src, newdisk->src); + + VIR_FREE(olddisk->src); + if (newsrc) { + olddisk->src = newsrc; + newsrc = NULL; + }
Just do VIR_FREE(olddisk->src); olddisk->src = newdisk->src; newdisk->src = NULL; Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|