1:10 p.m.
From: Alex Jia <ajia(a)redhat.com>
* src/locking/lock_driver_sanlock.c: in fact, virStrcpy calls
virStrncpy(dest, src, strlen(src), destbytes) then return result,
if 'path' is NULL, it means 'src' is also NULL, strlen(NULL) will
dereference a NULL pointer, which probably causes a segmentation fault.
Signed-off-by: Alex Jia <ajia(a)redhat.com>
---
src/locking/lock_driver_sanlock.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/locking/lock_driver_sanlock.c b/src/locking/lock_driver_sanlock.c
index 2d72510..8c6d873 100644
--- a/src/locking/lock_driver_sanlock.c
+++ b/src/locking/lock_driver_sanlock.c
@@ -158,7 +158,7 @@ static int virLockManagerSanlockSetupLockspace(void)
memcpy(ls.name, VIR_LOCK_MANAGER_SANLOCK_AUTO_DISK_LOCKSPACE, SANLK_NAME_LEN);
ls.host_id = 0; /* Doesn't matter for initialization */
ls.flags = 0;
- if (!virStrcpy(ls.host_id_disk.path, path, SANLK_PATH_LEN)) {
+ if (!path || !virStrcpy(ls.host_id_disk.path, path, SANLK_PATH_LEN)) {
virLockError(VIR_ERR_INTERNAL_ERROR,
_("Lockspace path '%s' exceeded %d characters"),
path, SANLK_PATH_LEN);
--
1.7.1
3:12 p.m.
On 09/21/2011 12:10 PM, ajia(a)redhat.com wrote:
From: Alex Jia<ajia(a)redhat.com>
* src/locking/lock_driver_sanlock.c: in fact, virStrcpy calls
virStrncpy(dest, src, strlen(src), destbytes) then return result,
if 'path' is NULL, it means 'src' is also NULL, strlen(NULL) will
dereference a NULL pointer, which probably causes a segmentation fault.
Signed-off-by: Alex Jia<ajia(a)redhat.com>
---
src/locking/lock_driver_sanlock.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/locking/lock_driver_sanlock.c b/src/locking/lock_driver_sanlock.c
index 2d72510..8c6d873 100644
--- a/src/locking/lock_driver_sanlock.c
+++ b/src/locking/lock_driver_sanlock.c
@@ -158,7 +158,7 @@ static int virLockManagerSanlockSetupLockspace(void)
memcpy(ls.name, VIR_LOCK_MANAGER_SANLOCK_AUTO_DISK_LOCKSPACE, SANLK_NAME_LEN);
ls.host_id = 0; /* Doesn't matter for initialization */
ls.flags = 0;
- if (!virStrcpy(ls.host_id_disk.path, path, SANLK_PATH_LEN)) {
+ if (!path || !virStrcpy(ls.host_id_disk.path, path, SANLK_PATH_LEN)) {
virLockError(VIR_ERR_INTERNAL_ERROR,
_("Lockspace path '%s' exceeded %d
characters"),
path, SANLK_PATH_LEN);
NACK. The prior virAsprintf guarantees that path is non-NULL at this
point. Rather, the real problem that Coverity is complaining about here
is that the only way to get to the error_unlink: label is if path is
already non-NULL, so that the 'if (path)' in that label is redundant.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
8:18 p.m.
On 09/22/2011 04:12 AM, Eric Blake wrote:
On 09/21/2011 12:10 PM, ajia(a)redhat.com wrote:
> From: Alex Jia<ajia(a)redhat.com>
>
> * src/locking/lock_driver_sanlock.c: in fact, virStrcpy calls
> virStrncpy(dest, src, strlen(src), destbytes) then return result,
> if 'path' is NULL, it means 'src' is also NULL, strlen(NULL) will
> dereference a NULL pointer, which probably causes a segmentation
> fault.
>
> Signed-off-by: Alex Jia<ajia(a)redhat.com>
> ---
> src/locking/lock_driver_sanlock.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/src/locking/lock_driver_sanlock.c
> b/src/locking/lock_driver_sanlock.c
> index 2d72510..8c6d873 100644
> --- a/src/locking/lock_driver_sanlock.c
> +++ b/src/locking/lock_driver_sanlock.c
> @@ -158,7 +158,7 @@ static int virLockManagerSanlockSetupLockspace(void)
> memcpy(ls.name, VIR_LOCK_MANAGER_SANLOCK_AUTO_DISK_LOCKSPACE,
> SANLK_NAME_LEN);
> ls.host_id = 0; /* Doesn't matter for initialization */
> ls.flags = 0;
> - if (!virStrcpy(ls.host_id_disk.path, path, SANLK_PATH_LEN)) {
> + if (!path || !virStrcpy(ls.host_id_disk.path, path,
> SANLK_PATH_LEN)) {
> virLockError(VIR_ERR_INTERNAL_ERROR,
> _("Lockspace path '%s' exceeded %d
characters"),
> path, SANLK_PATH_LEN);
NACK. The prior virAsprintf guarantees that path is non-NULL at this
point. Rather, the real problem that Coverity is complaining about
here is that the only way to get to the error_unlink: label is if path
is already non-NULL, so that the 'if (path)' in that label is redundant.
Yeah, you're right, I will commit a new patch, because this subject is
inappropriate, so I haven't naming v2 for this patch, the new patch
subject is "[libvirt] [PATCH] locking: remove redundant codes".
Thanks,
Alex
3:22 p.m.
New subject: [libvirt] [PATCH] sanlock: fix memory leak
Detected by Coverity. The only way to get to error_unlink is if
path was successfully assigned, so the if was useless. Meanwhile,
there was a return statement that did not free path.
* src/locking/lock_driver_sanlock.c
(virLockManagerSanlockSetupLockspace): Fix mem-leak, and drop
useless if.
---
src/locking/lock_driver_sanlock.c | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/locking/lock_driver_sanlock.c b/src/locking/lock_driver_sanlock.c
index 2d72510..13940f1 100644
--- a/src/locking/lock_driver_sanlock.c
+++ b/src/locking/lock_driver_sanlock.c
@@ -239,7 +239,7 @@ static int virLockManagerSanlockSetupLockspace(void)
virReportSystemError(-rv,
_("Unable to add lockspace %s"),
path);
- return -1;
+ goto error_unlink;
} else {
VIR_DEBUG("Lockspace %s is already registered", path);
}
@@ -250,8 +250,7 @@ static int virLockManagerSanlockSetupLockspace(void)
return 0;
error_unlink:
- if (path)
- unlink(path);
+ unlink(path);
error:
VIR_FORCE_CLOSE(fd);
VIR_FREE(path);
--
1.7.4.4
12:45 a.m.
New subject: [libvirt] [PATCH] sanlock: fix memory leak
On Wed, Sep 21, 2011 at 02:22:57PM -0600, Eric Blake wrote:
Detected by Coverity. The only way to get to error_unlink is if
path was successfully assigned, so the if was useless. Meanwhile,
there was a return statement that did not free path.
* src/locking/lock_driver_sanlock.c
(virLockManagerSanlockSetupLockspace): Fix mem-leak, and drop
useless if.
---
src/locking/lock_driver_sanlock.c | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/locking/lock_driver_sanlock.c b/src/locking/lock_driver_sanlock.c
index 2d72510..13940f1 100644
--- a/src/locking/lock_driver_sanlock.c
+++ b/src/locking/lock_driver_sanlock.c
@@ -239,7 +239,7 @@ static int virLockManagerSanlockSetupLockspace(void)
virReportSystemError(-rv,
_("Unable to add lockspace %s"),
path);
- return -1;
+ goto error_unlink;
} else {
VIR_DEBUG("Lockspace %s is already registered", path);
}
@@ -250,8 +250,7 @@ static int virLockManagerSanlockSetupLockspace(void)
return 0;
error_unlink:
- if (path)
- unlink(path);
+ unlink(path);
error:
VIR_FORCE_CLOSE(fd);
VIR_FREE(path);
ACK and pushed, thanks !
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
4810
days inactive
4811
days old
4 comments
4 participants
participants (4)
-
ajia@redhat.com -
Alex Jia
-
Daniel Veillard -
Eric Blake