
On 09/23/13 15:23, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
Most callers of qemuParseKeywords were assigning its return value to a 'size_t' variable. They then also checked '< 0' for error condition, but this will never be true with the unsigned size_t variable. Rather than using 'ssize_t', change qemuParseKeywords so that the element count is returned via an output parameter, leaving the return value solely as an error indicator.
This avoids a crash accessing beyond the end of an error upon OOM.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 src/qemu/qemu_command.c      | 33 ++++++++++++++++++++-------------
 src/qemu/qemu_command.h      |  1 +
 src/qemu/qemu_monitor_json.c |  4 +---
 3 files changed, 22 insertions(+), 16 deletions(-)
ACK. Peter
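
The caller pattern described in the commit message, next to the output-parameter form, as an added example that is not code from the patch or from libvirt. All function names and the simulate_oom switch are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical parser, not libvirt code. "Before" shape: returns the
 * number of comma-separated elements, or -1 on failure. */
static int parse_count_old(const char *s, int simulate_oom)
{
    int n;
    if (simulate_oom)
        return -1;                 /* constructed failure path */
    n = (*s != '\0');
    for (; *s; s++)
        if (*s == ',')
            n++;
    return n;
}

/* "After" shape: count via output parameter, return value is 0 or -1 only. */
static int parse_count_new(const char *s, int simulate_oom, size_t *count)
{
    int n = parse_count_old(s, simulate_oom);
    if (n < 0)
        return -1;
    *count = (size_t)n;
    return 0;
}

/* Caller pattern the commit message describes. Returns 1 if it saw the error. */
int old_caller_detects_error(const char *s, int simulate_oom)
{
    size_t n = parse_count_old(s, simulate_oom);   /* -1 wraps to SIZE_MAX */
    if (n < 0)                                     /* never true: n is unsigned */
        return 1;
    return 0;   /* failure missed; n would now bound any loop over the result */
}

/* Caller after the change: the int return value is the only error signal. */
int new_caller_detects_error(const char *s, int simulate_oom, size_t *n)
{
    return parse_count_new(s, simulate_oom, n) < 0 ? 1 : 0;
}

int main(void)
{
    size_t n = 0;
    printf("old caller saw failure: %d\n", old_caller_detects_error("a,b,c", 1));
    printf("new caller saw failure: %d\n", new_caller_detects_error("a,b,c", 1, &n));
    return 0;
}
```

Building with -Wextra (or -Wtype-limits) makes GCC flag the always-false comparison in the old caller.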