On Mon, Apr 28, 2008 at 11:42:47PM +0100, Daniel P. Berrange wrote:
The Xen driver uses a regex to process the hypervisor capabilities data
"(xen|hvm)-[[:digit:]]+\\.[[:digit:]]+-(x86_32|x86_64|ia64|powerpc64)(p|be)?";
notice how the last match group, however, is optional due to the '?'. The code processing matches does not check to see if the match is present or not, and just indexes the string on match 3
if (strncmp (&token[subs[3].rm_so], "p", 1) == 0)
Unfortunately, subs[3].rm_so is -1 if the match was not present, so we're doing an out of bounds array access here. This is fairly harmless, but it is still good to fix it. So this patch adds a check for -1 before accessing the match. I also replace the strncmp() calls with a call to the brand new STRPREFIX() convenience macro
Okidoc, i assume valgrind spotted that, that's fairly well hidden ... +1 Daniel -- Red Hat Virtualization group http://redhat.com/virtualization/ Daniel Veillard | virtualization library http://libvirt.org/ veillard@redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/