Re: [libvirt] Power Hypervisor: Fix potential segfault and memleak in phypOpen

2009/8/20 Chris Lalancette <clalance(a)redhat.com&gt;: > Matthias Bolte wrote: >> Hi, >> >> I came across this line in the phypOpen function: >> >> char string[strlen(conn->uri->path)]; >> >> Here the path part of the given URI is used without checking it for >> NULL, this can cause a segfault as strlen expects a string != NULL. >> Beside that uuid_db and connection_data leak in case of an error. >> >> In this line >> >> conn->uri->path = string; >> >> the original path of the URI leaks. The patch adds a VIR_FREE call >> before setting the new path. >> >> The attached patch is compile-tested but I don't have a Power >> Hypervisor installation at hand to test it for real. > I've now committed this patch (with some slight munging to get it to apply to > recent libvirt.git). > > Thanks, > -- > Chris Lalancette > Well, you should have applied version 2 of this patch, because version 1 was invalidated by changes to escape_specialcharacters(). It now takes a length argument, but string isn't an array anymore (but a char pointer), so sizeof(string) does no longer the right thing: escape_specialcharacters(conn->uri->path, string, sizeof(string)) I attached patch version 2 again.