
On Thu, May 16, 2019 at 9:44 AM Michal Privoznik <mprivozn@redhat.com> wrote:
On 5/15/19 11:49 AM, Ilias Stamatis wrote:
On Wed, May 15, 2019 at 10:14 AM Michal Privoznik <mprivozn@redhat.com> wrote:
On 5/14/19 5:24 PM, Ilias Stamatis wrote:
On Tue, May 14, 2019 at 5:04 PM Michal Privoznik <mprivozn@redhat.com> wrote:
On 5/14/19 12:50 PM, Ilias Stamatis wrote:
On Tue, May 14, 2019 at 12:40 PM John Ferlan <jferlan@redhat.com> wrote: > > > > On 5/13/19 9:04 AM, Ilias Stamatis wrote: >> On Mon, May 13, 2019 at 2:38 PM Michal Privoznik <mprivozn@redhat.com> wrote: >>> >>> On 5/13/19 1:26 AM, Ilias Stamatis wrote: >>>> Return the number of disks present in the configuration of the test >>>> domain when called with @errors as NULL and @maxerrors as 0. >>>> >>>> Otherwise report an error for every second disk, assigning available >>>> error codes in a cyclic order. >>>> >>>> Signed-off-by: Ilias Stamatis <stamatis.iliass@gmail.com> >>>> --- >>>> src/test/test_driver.c | 42 ++++++++++++++++++++++++++++++++++++++++++ >>>> 1 file changed, 42 insertions(+) >>>> >>>> diff --git a/src/test/test_driver.c b/src/test/test_driver.c >>>> index a06d1fc402..527c2f5d3b 100644 >>>> --- a/src/test/test_driver.c >>>> +++ b/src/test/test_driver.c >>>> @@ -3046,6 +3046,47 @@ static int testDomainSetAutostart(virDomainPtr domain, >>>> return 0; >>>> } >>>> >>>> +static int testDomainGetDiskErrors(virDomainPtr dom, >>>> + virDomainDiskErrorPtr errors, >>>> + unsigned int maxerrors, >>>> + unsigned int flags) >>>> +{ > > [...] > >>>> + n++; >>>> + } >>>> + ret = n; >>>> + } >>>> + >>>> + cleanup: >>>> + virDomainObjEndAPI(&vm); >>>> + if (ret < 0) { >>>> + for (i = 0; i < n; i++) >>>> + VIR_FREE(errors[i].disk); >>>> + } > > The above got changed to : > > + cleanup: > + virDomainObjEndAPI(&vm); > + if (ret < 0) { > + for (i = 0; i < MIN(vm->def->ndisks, maxerrors); i++) > + VIR_FREE(errors[i].disk); > + }
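Review bot: the revised cleanup `for (i = 0; i < MIN(vm->def->ndisks, maxerrors); i++) VIR_FREE(errors[i].disk);` runs over the full MIN() range no matter how many VIR_STRDUP calls succeeded before the `goto cleanup`, so when the caller's `errors` array is not zero-initialised the entries past the failure point still hold whatever the caller left there and are handed to free(). Unwind only the entries this function filled, counting down from the loop index at the point of failure, e.g. `while (i > 0) VIR_FREE(errors[--i].disk);`, and drop the MIN() bound from the cleanup loop.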
I think this change is incorrect and a bug lies in here.
If VIR_STRDUP fails above, memory for less than MIN(vm->def->ndisks, maxerrors) will have been allocated, and then in the cleanup code we'll call VIR_FREE with pointers that haven't been previously allocated.
That isn't a problem. User has to pass an array that we can touch. If they store some data in it, well, their fault - how are we supposed to return anything if we can't touch the array?
I'm not sure I understand exactly what you mean.
We can touch the array of course.
What I'm saying is that we allocate memory with VIR_STRDUP for each errors[i].disk, but if the call fails we free this memory on our own.
However, the way it is implemented now, we might call VIR_FREE on pointers for which we have *not* allocated any memory.
Because in the first loop, VIR_STRDUP might fail and send us to "cleanup". But then on cleanup we iterate over the whole errors array.
Isn't this incorrect? Do I understand something wrong?
Ah, now I get it. If user passes an array that is not zeroed out then we might end up passing a random pointer to free(). How about this then?
if (ret < 0) {
    /* unwind only the entries allocated so far: errors[i-1] down to errors[0] */
    while (i > 0)
        VIR_FREE(errors[--i].disk);
}
Yes, this would work I think. And then the other changes in the cleanup etc are not needed.
I.e. it can be again:
if (!(vm = testDomObjFromDomain(dom))) goto cleanup;
instead of "return -1" which is more consistent with the rest of the code.
This is done in 1/2. Or what do you mean?
I meant that the previous change of returning -1 directly instead of doing "goto cleanup" is not needed anymore. But of course it's fine either way. Just with the goto, there will be only a single point of exit.
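An added C model of the cleanup problem discussed in this thread (example code written for this page, not libvirt's and not from any of the participants): `DiskError`, `dup_or_fail`, `get_disk_errors` and the two `scenario_*` functions are constructed stand-ins for virDomainDiskError, VIR_STRDUP and testDomainGetDiskErrors, and the sample disk names are made up. The unwind loop frees exactly the entries this call allocated, so an un-zeroed caller array is never handed to free().

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
typedef struct { char *disk; } DiskError; /* stand-in for virDomainDiskError */
/* Fault-injected strdup standing in for VIR_STRDUP: call number fail_at
 * (0-based) returns NULL (and the target is set to NULL); -1 = never fail. */
static int fail_at = -1, calls = 0;
static char *dup_or_fail(const char *s) { return (calls++ == fail_at) ? NULL : strdup(s); }
/* Model of testDomainGetDiskErrors: copy the first MIN(ndisks, maxerrors) disk
 * names into the caller's array. Returns the count, or -1 after freeing only
 * what this call allocated. */
static int get_disk_errors(const char **disks, size_t ndisks,
                           DiskError *errors, size_t maxerrors)
{
    size_t n = ndisks < maxerrors ? ndisks : maxerrors, i;
    for (i = 0; i < n; i++) {
        if (!(errors[i].disk = dup_or_fail(disks[i]))) {
            /* Unwind entries i-1 .. 0 only; a loop bounded by MIN(ndisks,
             * maxerrors) would free() whatever the caller left beyond i. */
            while (i > 0) {
                free(errors[--i].disk);
                errors[i].disk = NULL;
            }
            return -1;
        }
    }
    return (int)n;
}
static char garbage[] = "caller-garbage"; /* non-heap content of an un-zeroed caller array */
static const char *sample_disks[] = { "vda", "vdb", "vdc", "vdd" };
/* Third strdup fails: entries 0..1 must be freed and NULLed, entry 3
 * (never reached) must still hold the caller's pointer. Returns 1 if so. */
static int scenario_partial_failure(void)
{
    DiskError e[4] = { {garbage}, {garbage}, {garbage}, {garbage} };
    fail_at = 2; calls = 0;
    int ret = get_disk_errors(sample_disks, 4, e, 4);
    return ret == -1 && e[0].disk == NULL && e[1].disk == NULL
        && e[2].disk == NULL && e[3].disk == garbage;
}
/* No failure, maxerrors < ndisks: returns 2 and leaves entries 2..3 alone. */
static int scenario_success(void)
{
    DiskError e[4] = { {garbage}, {garbage}, {garbage}, {garbage} };
    fail_at = -1; calls = 0;
    int ret = get_disk_errors(sample_disks, 4, e, 2);
    int intact = e[2].disk == garbage && e[3].disk == garbage;
    free(e[0].disk); free(e[1].disk);
    return intact ? ret : -2;
}
```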