On 01/18/2011 11:04 AM, Daniel P. Berrange wrote:
If the XML security model is NULL, it is assumed that the current model will be used with dynamic labelling. The verify step is meaningless and potentially crashes if dereferencing NULL
* src/security/security_manager.c: Skip NULL model on verify --- src/security/security_manager.c | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c index 66cffb5..1bc0ebb 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -309,6 +309,13 @@ int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr, int virSecurityManagerVerify(virSecurityManagerPtr mgr, virDomainDefPtr def) { + /* NULL model == dynamic labelling, with whatever drive
s/drive/driver/ /me repeats to myself: I promise to overlook US vs. UK spelling differences such as labeling, when the difference only occurs in a comment and not in the API or a translated string
+ * is active, so we can short circuit verify check to + * avoid drivers dereferencing NULLs by accident + */
ACK. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org