Matthias Bolte wrote:
2009/8/20 Chris Lalancette <clalance@redhat.com>:
Matthias Bolte wrote:
Hi,
I came across this line in the phypOpen function:
char string[strlen(conn->uri->path)];
Here the path part of the given URI is used without checking it for NULL, this can cause a segfault as strlen expects a string != NULL. Beside that uuid_db and connection_data leak in case of an error.
In this line
conn->uri->path = string;
the original path of the URI leaks. The patch adds a VIR_FREE call before setting the new path.
The attached patch is compile-tested but I don't have a Power Hypervisor installation at hand to test it for real. I've now committed this patch (with some slight munging to get it to apply to recent libvirt.git).
Thanks, -- Chris Lalancette
Well, you should have applied version 2 of this patch, because version 1 was invalidated by changes to escape_specialcharacters(). It now takes a length argument, but string isn't an array anymore (but a char pointer), so sizeof(string) does no longer the right thing:
escape_specialcharacters(conn->uri->path, string, sizeof(string))
I attached patch version 2 again.
Gah, sorry, I totally missed (or forgot about) that. I'll apply the incremental diff, thanks. -- Chris Lalancette