[PATCH 0/3] Misc minor fixes
These are some very minor bugs discovered by an AI based code analysis tool. The code changes are 100% human authored. Daniel P. Berrangé (3): scripts: use subprocess.run instead of os.system src: check for invalid stream in virStreamInData tools/nss: check for missing array element scripts/check-file-access.py | 7 +++---- src/libvirt-stream.c | 1 + tools/nss/libvirt_nss_macs.c | 2 ++ 3 files changed, 6 insertions(+), 4 deletions(-) -- 2.51.1
From: Daniel P. Berrangé <berrange@redhat.com> The subprocess.run command avoids using the shell and so is robust should sys.argv contain any whitespace or unexpected shell meta characters. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- scripts/check-file-access.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/scripts/check-file-access.py b/scripts/check-file-access.py index 2636eb4f96..71130d4dec 100755 --- a/scripts/check-file-access.py +++ b/scripts/check-file-access.py @@ -23,6 +23,7 @@ import os import re +import subprocess import sys import tempfile @@ -36,11 +37,9 @@ permitted_file = os.path.join(abs_srcdir, 'permitted_file_access.txt') os.environ['VIR_TEST_FILE_ACCESS_OUTPUT'] = access_file -test = ' '.join(sys.argv[1:]) +proc = subprocess.run(sys.argv[1:]) -ret = os.system(test) - -if ret != 0 or os.read(access_fd, 10) == b'': +if proc.returncode != 0 or os.read(access_fd, 10) == b'': os.close(access_fd) os.remove(access_file) sys.exit(ret) -- 2.51.1
From: Daniel P. Berrangé <berrange@redhat.com> All methods must use virCheckStreamReturn to validate their 'stream' parameter. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/libvirt-stream.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libvirt-stream.c b/src/libvirt-stream.c index 12b6333692..ca4d90140e 100644 --- a/src/libvirt-stream.c +++ b/src/libvirt-stream.c @@ -541,6 +541,7 @@ virStreamInData(virStreamPtr stream, VIR_DEBUG("stream=%p, data=%p, length=%p", stream, data, length); virResetLastError(); + virCheckStreamReturn(stream, -1); virCheckNonNullArgReturn(data, -1); virCheckNonNullArgReturn(length, -1); -- 2.51.1
From: Daniel P. Berrangé <berrange@redhat.com> We've already checked the upper bound of the array, but we should none the less sanity check that the requested array element is not NULL before dereferencing it. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- tools/nss/libvirt_nss_macs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/nss/libvirt_nss_macs.c b/tools/nss/libvirt_nss_macs.c index 44544624f3..1110848060 100644 --- a/tools/nss/libvirt_nss_macs.c +++ b/tools/nss/libvirt_nss_macs.c @@ -101,6 +101,8 @@ findMACsFromJSON(json_object *jobj, char *macstr; macobj = json_object_array_get_idx(macsArray, j); + if (!macobj) + return -1; macstr = strdup(json_object_get_string(macobj)); if (!macstr) return -1; -- 2.51.1
On 11/6/25 12:57, Daniel P. Berrangé via Devel wrote:
These are some very minor bugs discovered by an AI based code analysis tool. The code changes are 100% human authored.
Daniel P. Berrangé (3): scripts: use subprocess.run instead of os.system src: check for invalid stream in virStreamInData tools/nss: check for missing array element
scripts/check-file-access.py | 7 +++---- src/libvirt-stream.c | 1 + tools/nss/libvirt_nss_macs.c | 2 ++ 3 files changed, 6 insertions(+), 4 deletions(-)
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Michal
participants (2)
-
Daniel P. Berrangé -
Michal Prívozník