[libvirt] Power Hypervisor: Fix potential segfault and memleak in phypOpen

Eduardo Otubo otubo at linux.vnet.ibm.com
Fri Aug 14 17:07:23 UTC 2009


On Fri, 2009-08-07 at 15:35 +0200, Chris Lalancette wrote:
> Matthias Bolte wrote:
> > Hi,
> > 
> > I came across this line in the phypOpen function:
> > 
> > char string[strlen(conn->uri->path)];
> > 
> > Here the path part of the given URI is used without checking it for
> > NULL; this can cause a segfault as strlen expects a string != NULL.
> 
> Heh, it's worse than that; there is a check later on for !conn || !conn->uri, so
> you are potentially de-referencing a NULL pointer.
> 
> > Besides that, uuid_db and connection_data leak in case of an error.
> > 
> > In this line
> > 
> > conn->uri->path = string;
> > 
> > the original path of the URI leaks. The patch adds a VIR_FREE call
> > before setting the new path.
> > 
> > The attached patch is compile-tested but I don't have a Power
> > Hypervisor installation at hand to test it for real.
> 
> I also don't have a Power Hypervisor, but it looks sane enough to me.  I'll say
> ACK, but it's probably a good idea to get someone who has Power to test it
> before you commit.
> 

I tested with some Power machines I have over here and it is ACK for me.

[]'s

-- 
Eduardo Otubo
Software Engineer
Linux Technology Center
IBM Systems & Technology Group
Mobile: +55 19 8135 0885
otubo at linux.vnet.ibm.com
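
The three points raised in this thread (check the URI path for NULL before using it, release uuid_db and connection_data on the error path, free the old path before replacing it), as an added C example that is not the attached patch and not libvirt code. The struct layouts, `open_checked`, `fail_late` and the allocation counter are hypothetical, and the plain string copy stands in for whatever the driver does to the path.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the connection types; not libvirt's definitions. */
struct uri  { char *path; };
struct conn { struct uri *uri; void *uuid_db; void *connection_data; };

static int live_allocs;   /* outstanding allocations, so a leak is observable */

static void *xalloc(size_t n) {
    void *p = malloc(n);
    if (p) live_allocs++;
    return p;
}
static void xfree(void *p) {
    if (p) { live_allocs--; free(p); }
}

/* fail_late simulates an error that occurs after resources were allocated. */
int open_checked(struct conn *conn, int fail_late) {
    char *new_path = NULL;
    void *uuid_db = NULL, *connection_data = NULL;

    /* Validate every pointer, path included, before the first dereference. */
    if (!conn || !conn->uri || !conn->uri->path)
        return -1;

    /* Heap buffer with room for the terminator, instead of a stack array. */
    new_path = xalloc(strlen(conn->uri->path) + 1);
    uuid_db = xalloc(16);
    connection_data = xalloc(16);
    if (!new_path || !uuid_db || !connection_data || fail_late)
        goto failure;

    strcpy(new_path, conn->uri->path);
    xfree(conn->uri->path);          /* release the old path before replacing it */
    conn->uri->path = new_path;
    conn->uuid_db = uuid_db;         /* ownership moves to the connection */
    conn->connection_data = connection_data;
    return 0;

failure:                             /* one exit path frees whatever was allocated */
    xfree(new_path);
    xfree(uuid_db);
    xfree(connection_data);
    return -1;
}
```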



