9:19 a.m.
"dom" is set to NULL within the while loop:
virDomainObjUnlock(dom);
dom = NULL;
If on a subsequent iteration something fails,
we goto "cleanup" or "no_memory", both of which
have us run this code:
fclose(fp);
virDomainObjUnref(dom);
return -1;
And the virDomainObjUnref function would dereference "dom".
From 3971ff17c7e9f1ddbc443d48b86fe6ba60a2d4a0 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 15 Dec 2009 16:16:57 +0100
Subject: [PATCH] openvz_conf.c: don't dereference NULL upon failure
* src/openvz/openvz_conf.c (openvzLoadDomains): Avoid NULL deref
of "dom".
---
src/openvz/openvz_conf.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/openvz/openvz_conf.c b/src/openvz/openvz_conf.c
index 7e9abbf..43bbaf2 100644
--- a/src/openvz/openvz_conf.c
+++ b/src/openvz/openvz_conf.c
@@ -535,7 +535,8 @@ int openvzLoadDomains(struct openvz_driver *driver) {
cleanup:
fclose(fp);
- virDomainObjUnref(dom);
+ if (dom)
+ virDomainObjUnref(dom);
return -1;
}
--
1.6.6.rc2.275.g51e2d
9:27 a.m.
On Tue, Dec 15, 2009 at 04:19:23PM +0100, Jim Meyering wrote:
"dom" is set to NULL within the while loop:
virDomainObjUnlock(dom);
dom = NULL;
If on a subsequent iteration something fails,
we goto "cleanup" or "no_memory", both of which
have us run this code:
fclose(fp);
virDomainObjUnref(dom);
return -1;
And the virDomainObjUnref function would dereference "dom".
>From 3971ff17c7e9f1ddbc443d48b86fe6ba60a2d4a0 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering(a)redhat.com>
Date: Tue, 15 Dec 2009 16:16:57 +0100
Subject: [PATCH] openvz_conf.c: don't dereference NULL upon failure
* src/openvz/openvz_conf.c (openvzLoadDomains): Avoid NULL deref
of "dom".
---
src/openvz/openvz_conf.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/openvz/openvz_conf.c b/src/openvz/openvz_conf.c
index 7e9abbf..43bbaf2 100644
--- a/src/openvz/openvz_conf.c
+++ b/src/openvz/openvz_conf.c
@@ -535,7 +535,8 @@ int openvzLoadDomains(struct openvz_driver *driver) {
cleanup:
fclose(fp);
- virDomainObjUnref(dom);
+ if (dom)
+ virDomainObjUnref(dom);
return -1;
}
--
ACK
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
8:34 a.m.
Daniel P. Berrange wrote:
On Tue, Dec 15, 2009 at 04:19:23PM +0100, Jim Meyering wrote:
>
> "dom" is set to NULL within the while loop:
>
> virDomainObjUnlock(dom);
> dom = NULL;
>
> If on a subsequent iteration something fails,
> we goto "cleanup" or "no_memory", both of which
> have us run this code:
>
> fclose(fp);
> virDomainObjUnref(dom);
> return -1;
>
> And the virDomainObjUnref function would dereference "dom".
>
>
> >From 3971ff17c7e9f1ddbc443d48b86fe6ba60a2d4a0 Mon Sep 17 00:00:00 2001
> From: Jim Meyering <meyering(a)redhat.com>
> Date: Tue, 15 Dec 2009 16:16:57 +0100
> Subject: [PATCH] openvz_conf.c: don't dereference NULL upon failure
>
> * src/openvz/openvz_conf.c (openvzLoadDomains): Avoid NULL deref
> of "dom".
> ---
> src/openvz/openvz_conf.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/src/openvz/openvz_conf.c b/src/openvz/openvz_conf.c
> index 7e9abbf..43bbaf2 100644
> --- a/src/openvz/openvz_conf.c
> +++ b/src/openvz/openvz_conf.c
> @@ -535,7 +535,8 @@ int openvzLoadDomains(struct openvz_driver *driver) {
>
> cleanup:
> fclose(fp);
> - virDomainObjUnref(dom);
> + if (dom)
> + virDomainObjUnref(dom);
> return -1;
> }
>
> --
ACK
Pushed.
5434
days inactive
5455
days old
2 comments
2 participants
participants (2)
-
Daniel P. Berrange -
Jim Meyering