[libvirt] [PATCH] conf: Don't free uninitialized pointer
This causes libvirtd to crash when both <boot dev='...'/> and <boot order='...'/> are used in one domain XML. Introduced by 5fa3d775a9f8cdb3423373eb084219aaf778df11 --- src/conf/domain_conf.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 238edfd..a85f837 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -6430,7 +6430,8 @@ virDomainDefParseBootXML(xmlXPathContextPtr ctxt, { xmlNodePtr *nodes = NULL; int i, n; - char *bootstr, *useserial; + char *bootstr; + char *useserial = NULL; int ret = -1; unsigned long deviceBoot, serialPorts; -- 1.7.7.2
On 04.11.2011 09:33, Jiri Denemark wrote:
This causes libvirtd to crash when both <boot dev='...'/> and <boot order='...'/> are used in one domain XML. Introduced by 5fa3d775a9f8cdb3423373eb084219aaf778df11 --- src/conf/domain_conf.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 238edfd..a85f837 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -6430,7 +6430,8 @@ virDomainDefParseBootXML(xmlXPathContextPtr ctxt, { xmlNodePtr *nodes = NULL; int i, n; - char *bootstr, *useserial; + char *bootstr; + char *useserial = NULL; int ret = -1; unsigned long deviceBoot, serialPorts;
ACK, other solution would be to VIR_FREE(useserial) in if(useserial) {} like we do for bootstr; But that is just cosmetic not a show stopper. Michal
On Fri, Nov 04, 2011 at 09:33:24AM +0100, Jiri Denemark wrote:
This causes libvirtd to crash when both <boot dev='...'/> and <boot order='...'/> are used in one domain XML. Introduced by 5fa3d775a9f8cdb3423373eb084219aaf778df11 --- src/conf/domain_conf.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 238edfd..a85f837 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -6430,7 +6430,8 @@ virDomainDefParseBootXML(xmlXPathContextPtr ctxt, { xmlNodePtr *nodes = NULL; int i, n; - char *bootstr, *useserial; + char *bootstr; + char *useserial = NULL; int ret = -1; unsigned long deviceBoot, serialPorts;
Actually any input forcing us to go to cleanup before it's init would lead to the crash, I count 5 cases :-\ thanks for spotting this, confirmation again what while cleaning Coverity large set one always reintroduce some errors back, good thing that one is trivial to fix :-) ! ACK Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/
On Fri, Nov 04, 2011 at 17:08:06 +0800, Daniel Veillard wrote:
On Fri, Nov 04, 2011 at 09:33:24AM +0100, Jiri Denemark wrote:
This causes libvirtd to crash when both <boot dev='...'/> and <boot order='...'/> are used in one domain XML. Introduced by 5fa3d775a9f8cdb3423373eb084219aaf778df11 --- src/conf/domain_conf.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 238edfd..a85f837 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -6430,7 +6430,8 @@ virDomainDefParseBootXML(xmlXPathContextPtr ctxt, { xmlNodePtr *nodes = NULL; int i, n; - char *bootstr, *useserial; + char *bootstr; + char *useserial = NULL; int ret = -1; unsigned long deviceBoot, serialPorts;
Actually any input forcing us to go to cleanup before it's init would lead to the crash, I count 5 cases :-\
Right, I didn't check how many paths can lead to freeing this uninitialized pointer since even one path is enough to be a real problem :-)
thanks for spotting this, confirmation again what while cleaning Coverity large set one always reintroduce some errors back, good thing that one is trivial to fix :-) !
ACK
Thanks and pushed. Jirka
participants (3)
-
Daniel Veillard -
Jiri Denemark -
Michal Privoznik