[libvirt] [PATCH] util: avoid null deref on qcowXGetBackingStore

From: Alex Jia <ajia@redhat.com> Detected by Coverity. the only case is caller passes a NULL to 'format' variable, then taking 'if (format)' false branch, the function qcow2GetBackingStoreFormat will directly dereferences the NULL 'format' pointer variable. Signed-off-by: Alex Jia <ajia@redhat.com> --- src/util/storage_file.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/util/storage_file.c b/src/util/storage_file.c index f33ea74..ba9cfc5 100644 --- a/src/util/storage_file.c +++ b/src/util/storage_file.c @@ -333,7 +333,7 @@ qcowXGetBackingStore(char **res, * between the end of the header (QCOW2_HDR_TOTAL_SIZE) * and the start of the backingStoreName (offset) */ - if (isQCow2) + if (isQCow2 && format) qcow2GetBackingStoreFormat(format, buf, buf_size, QCOW2_HDR_TOTAL_SIZE, offset); return BACKING_STORE_OK; -- 1.7.1
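Review bot: The added NULL test in `if (isQCow2 && format)` guards only this one call site, while qcow2GetBackingStoreFormat, as the commit message describes it, still dereferences 'format' unconditionally. Any other or future caller that passes NULL would hit the same crash. Consider stating in the function's documentation that 'format' is optional for qcowXGetBackingStore, and marking the callee's 'format' parameter as non-null (libvirt's ATTRIBUTE_NONNULL annotation) so that static analysis flags a caller that forgets the check. The comment directly above the condition describes only where the extension data lives; a short remark there that the format lookup is skipped when the caller does not ask for it would make the intent of the new condition clear.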

On 30.11.2011 08:50, ajia@redhat.com wrote:
From: Alex Jia <ajia@redhat.com>
Detected by Coverity. The only case is when the caller passes a NULL to the 'format' variable; then, taking the 'if (format)' false branch, the function qcow2GetBackingStoreFormat will directly dereference the NULL 'format' pointer variable.
Signed-off-by: Alex Jia <ajia@redhat.com> ---
ACK & pushed. Michal