[libvirt] [PATCH] openvz_conf.c: don't dereference NULL upon failure

"dom" is set to NULL within the while loop: virDomainObjUnlock(dom); dom = NULL; If on a subsequent iteration something fails, we goto "cleanup" or "no_memory", both of which have us run this code: fclose(fp); virDomainObjUnref(dom); return -1; And the virDomainObjUnref function would dereference "dom".
From 3971ff17c7e9f1ddbc443d48b86fe6ba60a2d4a0 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@redhat.com> Date: Tue, 15 Dec 2009 16:16:57 +0100 Subject: [PATCH] openvz_conf.c: don't dereference NULL upon failure
* src/openvz/openvz_conf.c (openvzLoadDomains): Avoid NULL deref of "dom". --- src/openvz/openvz_conf.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/openvz/openvz_conf.c b/src/openvz/openvz_conf.c index 7e9abbf..43bbaf2 100644 --- a/src/openvz/openvz_conf.c +++ b/src/openvz/openvz_conf.c @@ -535,7 +535,8 @@ int openvzLoadDomains(struct openvz_driver *driver) { cleanup: fclose(fp); - virDomainObjUnref(dom); + if (dom) + virDomainObjUnref(dom); return -1; } -- 1.6.6.rc2.275.g51e2d

On Tue, Dec 15, 2009 at 04:19:23PM +0100, Jim Meyering wrote:
"dom" is set to NULL within the while loop:
virDomainObjUnlock(dom); dom = NULL;
If on a subsequent iteration something fails, we goto "cleanup" or "no_memory", both of which have us run this code:
fclose(fp); virDomainObjUnref(dom); return -1;
And the virDomainObjUnref function would dereference "dom".
From 3971ff17c7e9f1ddbc443d48b86fe6ba60a2d4a0 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@redhat.com> Date: Tue, 15 Dec 2009 16:16:57 +0100 Subject: [PATCH] openvz_conf.c: don't dereference NULL upon failure
* src/openvz/openvz_conf.c (openvzLoadDomains): Avoid NULL deref of "dom". --- src/openvz/openvz_conf.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/openvz/openvz_conf.c b/src/openvz/openvz_conf.c index 7e9abbf..43bbaf2 100644 --- a/src/openvz/openvz_conf.c +++ b/src/openvz/openvz_conf.c @@ -535,7 +535,8 @@ int openvzLoadDomains(struct openvz_driver *driver) {
cleanup: fclose(fp); - virDomainObjUnref(dom); + if (dom) + virDomainObjUnref(dom); return -1; }
--
ACK Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

Daniel P. Berrange wrote:
On Tue, Dec 15, 2009 at 04:19:23PM +0100, Jim Meyering wrote:
"dom" is set to NULL within the while loop:
virDomainObjUnlock(dom); dom = NULL;
If on a subsequent iteration something fails, we goto "cleanup" or "no_memory", both of which have us run this code:
fclose(fp); virDomainObjUnref(dom); return -1;
And the virDomainObjUnref function would dereference "dom".
From 3971ff17c7e9f1ddbc443d48b86fe6ba60a2d4a0 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@redhat.com> Date: Tue, 15 Dec 2009 16:16:57 +0100 Subject: [PATCH] openvz_conf.c: don't dereference NULL upon failure
* src/openvz/openvz_conf.c (openvzLoadDomains): Avoid NULL deref of "dom". --- src/openvz/openvz_conf.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/openvz/openvz_conf.c b/src/openvz/openvz_conf.c index 7e9abbf..43bbaf2 100644 --- a/src/openvz/openvz_conf.c +++ b/src/openvz/openvz_conf.c @@ -535,7 +535,8 @@ int openvzLoadDomains(struct openvz_driver *driver) {
cleanup: fclose(fp); - virDomainObjUnref(dom); + if (dom) + virDomainObjUnref(dom); return -1; }
--
ACK
Pushed.
participants (2)
-
Daniel P. Berrange
-
Jim Meyering