
2009/8/14 Eduardo Otubo <otubo@linux.vnet.ibm.com>:
On Fri, 2009-08-07 at 15:35 +0200, Chris Lalancette wrote:
Matthias Bolte wrote:
Hi,
I came across this line in the phypOpen function:
char string[strlen(conn->uri->path)];
Here the path part of the given URI is used without checking it for NULL; this can cause a segfault as strlen expects a string != NULL.
Heh, it's worse than that; there is a check later on for !conn || !conn->uri, so you are potentially de-referencing a NULL pointer.
Besides that, uuid_db and connection_data leak in case of an error.
In this line
conn->uri->path = string;
the original path of the URI leaks. The patch adds a VIR_FREE call before setting the new path.
The attached patch is compile-tested but I don't have a Power Hypervisor installation at hand to test it for real.
I also don't have a Power Hypervisor, but it looks sane enough to me. I'll say ACK, but it's probably a good idea to get someone who has Power to test it before you commit.
I tested with some Power machines I have over here and it is ACK for me.
[]'s
A change to escape_specialcharacters() affects this patch, so I attached a v2 of it. The only change to the first patch is the caching of strlen(conn->uri->path) + 1 to use it for VIR_ALLOC_N() and escape_specialcharacters().
Matthias
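
The pattern discussed in this thread (NULL check before strlen, a heap buffer of strlen + 1 bytes, cleanup on the error path, and freeing the old path before replacing it), as an added example that is not libvirt's code or the attached patch. The struct uri type, escape_special() and set_escaped_path() are hypothetical stand-ins, and the set of filtered characters is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct uri { char *path; };   /* hypothetical stand-in; only path matters here */

/* Hypothetical filter (assumption, not libvirt's escape_specialcharacters()):
 * drops shell metacharacters, so the output always fits in strlen(src) + 1
 * bytes. Returns 0 on success, -1 on bad arguments or a too-small dst. */
static int escape_special(const char *src, char *dst, size_t dstlen)
{
    size_t j = 0;
    if (src == NULL || dst == NULL || dstlen == 0)
        return -1;
    for (size_t i = 0; src[i] != '\0'; i++) {
        if (strchr(";&|`$<>\"'\\\n", src[i]) != NULL)
            continue;                    /* drop the character */
        if (j + 1 >= dstlen)
            return -1;                   /* no room for byte plus terminator */
        dst[j++] = src[i];
    }
    dst[j] = '\0';
    return 0;
}

/* Replace u->path with its filtered form. On error (-1) u->path is untouched. */
static int set_escaped_path(struct uri *u)
{
    if (u == NULL || u->path == NULL)    /* check before strlen(), not after */
        return -1;
    size_t len = strlen(u->path) + 1;    /* cached once for alloc and filter */
    char *buf = calloc(len, 1);          /* heap buffer that outlives this call */
    if (buf == NULL)
        return -1;
    if (escape_special(u->path, buf, len) < 0) {
        free(buf);                       /* error path: do not leak the buffer */
        return -1;
    }
    free(u->path);                       /* release the original path first */
    u->path = buf;
    return 0;
}

int main(void)
{
    struct uri u = { malloc(32) };
    if (u.path == NULL) return 1;
    strcpy(u.path, "/managed;sys`tem");  /* constructed sample path */
    if (set_escaped_path(&u) == 0) puts(u.path);
    free(u.path);
    return 0;
}
```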