[libvirt] [PATCH 2/2] util: Avoid possible NULL dereference in virSysinfoParsePPCProcessor
Found by Coverity. Because there's an "if ((cur = strstr(base,
"revision"))
!= NULL) {" followed by a "base = cur" coverity notes that 'base'
could
then be NULL causing the return to the top of the "while ((tmp_base =
strstr(base, "processor")) != NULL) {" to have strstr deref a NULL
'base'
pointer because the setting of base at the bottom of the loop is unconditional.
Alter the code to set "base = cur" after processing each key. That will
"ensure" that base doesn't get set to NULL if both "cpu" and
"revision"
do no follow a "processor".
While a /proc/cpuinfo file that has a "processor" key but with neither
a "cpu" nor a "revision" doesn't seem feasible, the code is
written as if
it could happen, so we have to account for it.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/util/virsysinfo.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/util/virsysinfo.c b/src/util/virsysinfo.c
index 14c17a8..8d3377c 100644
--- a/src/util/virsysinfo.c
+++ b/src/util/virsysinfo.c
@@ -231,6 +231,7 @@ virSysinfoParsePPCProcessor(const char *base, virSysinfoDefPtr ret)
if (eol && VIR_STRNDUP(processor->processor_socket_destination,
cur, eol - cur) < 0)
return -1;
+ base = cur;
if ((cur = strstr(base, "cpu")) != NULL) {
cur = strchr(cur, ':') + 1;
@@ -239,6 +240,7 @@ virSysinfoParsePPCProcessor(const char *base, virSysinfoDefPtr ret)
if (eol && VIR_STRNDUP(processor->processor_type,
cur, eol - cur) < 0)
return -1;
+ base = cur;
}
if ((cur = strstr(base, "revision")) != NULL) {
@@ -248,9 +250,9 @@ virSysinfoParsePPCProcessor(const char *base, virSysinfoDefPtr ret)
if (eol && VIR_STRNDUP(processor->processor_version,
cur, eol - cur) < 0)
return -1;
+ base = cur;
}
- base = cur;
}
return 0;
--
2.9.3