2010/3/22 Eric Blake <eblake@redhat.com>:
On 03/22/2010 02:40 PM, Matthias Bolte wrote:
<source file=''/> results in def->disks[i]->src == NULL. But vboxDomainDefineXML didn't check def->disks[i]->src for NULL and expected it to be a valid string.
Add checks for def->disks[i]->src != NULL to fix the segfault.
ACK, but did you catch all the places? For example,
@@ -3519,7 +3519,8 @@ static virDomainPtr vboxDomainDefineXML(virConnectPtr conn, const char *xml) { DEBUG("disk(%d) shared: %s", i, def->disks[i]->shared ? "True" : "False");
if (def->disks[i]->device == VIR_DOMAIN_DISK_DEVICE_CDROM) { - if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_FILE) { + if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_FILE && + def->disks[i]->src != NULL) { IDVDDrive *dvdDrive = NULL; /* Currently CDROM/DVD Drive is always IDE * Secondary Master so neglecting the following @@ -3801,7 +3802,8 @@ static virDomainPtr vboxDomainDefineXML(virConnectPtr conn, const char *xml) {
in between these two line ranges, I see a usage at line 3591 under def->disks[i]->device==VIR_DOMAIN_DISK_TYPE_DISK that seems like it could be vulnerable to the same problem.
Yep, I didn't catch all places. Here's a patch that should catch all unchecked usage of the src member. Matthias