[libvirt] [PATCH] storage_backend_fs: avoid NULL dereference on opendir failure

Jim Meyering jim at meyering.net
Wed Sep 2 08:05:03 UTC 2009


I've just begun using clang's static analyzer,

    http://clang-analyzer.llvm.org/

It has uncovered a few problems in libvirt.
Here are the first few fixes.
I'll send more details later today.

>From b6bb9d82effa56733fbee9013e66fed384d9ff63 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering at redhat.com>
Date: Wed, 2 Sep 2009 09:42:32 +0200
Subject: [PATCH 1/4] storage_backend_fs: avoid NULL dereference on opendir failure

* src/storage_backend_fs.c (virStorageBackendFileSystemRefresh):
Don't call closedir on a NULL pointer.
---
 src/storage_backend_fs.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/storage_backend_fs.c b/src/storage_backend_fs.c
index 65b656d..8241504 100644
--- a/src/storage_backend_fs.c
+++ b/src/storage_backend_fs.c
@@ -983,7 +983,8 @@ no_memory:
     /* fallthrough */

  cleanup:
-    closedir(dir);
+    if (dir)
+        closedir(dir);
     virStorageVolDefFree(vol);
     virStoragePoolObjClearVols(pool);
     return -1;
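
Review bot: The new `if (dir)` guard under the cleanup label only helps if `dir` is initialised to NULL where it is declared, which is outside this hunk. Please confirm that, since a jump to cleanup before opendir has run would otherwise still hand an indeterminate pointer to closedir. The return value of closedir is ignored, which is acceptable on a path that already returns -1.
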
--
1.6.4.2.395.ge3d52


>From eaae148291680a72d19aa9d5320f90b98f123746 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering at redhat.com>
Date: Wed, 2 Sep 2009 09:58:28 +0200
Subject: [PATCH 2/4] storage_conf.c: avoid overflow upon use of "z" or "Z" (zebi) suffix

* src/storage_conf.c (virStorageSize): Don't try to compute 1024^7,
since it's too large for a 64-bit type.
---
 src/storage_conf.c |    6 ------
 1 files changed, 0 insertions(+), 6 deletions(-)

diff --git a/src/storage_conf.c b/src/storage_conf.c
index c446069..110f0ad 100644
--- a/src/storage_conf.c
+++ b/src/storage_conf.c
@@ -919,12 +919,6 @@ virStorageSize(virConnectPtr conn,
                 1024ull;
             break;

-        case 'z':
-        case 'Z':
-            mult = 1024ull * 1024ull * 1024ull * 1024ull * 1024ull *
-                1024ull * 1024ull;
-            break;
-
         default:
             virStorageReportError(conn, VIR_ERR_XML_ERROR,
                                   _("unknown size units '%s'"), unit);
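
Review bot: With the 'z'/'Z' case removed, those suffixes now reach the default branch and are rejected with "unknown size units", which is a user-visible change; any documentation that lists a Z suffix should be updated in the same series. The removed product of seven 1024ull factors is 2^70 and cannot be represented in a 64-bit type, so dropping it is right. It is also worth checking that the multiplication of the parsed value by mult, which is not visible in this hunk, is range-checked, because the remaining multipliers can overflow that product too.
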
--
1.6.4.2.395.ge3d52


>From 7f453c68bc709d542e4c40a388c92c7969ad0a3a Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering at redhat.com>
Date: Wed, 2 Sep 2009 09:58:50 +0200
Subject: [PATCH 3/4] lxc: avoid NULL dereference when we find no mount point

* src/lxc_container.c (lxcContainerUnmountOldFS): Don't pass
a NULL pointer to qsort.
---
 src/lxc_container.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/lxc_container.c b/src/lxc_container.c
index 950dd50..2073864 100644
--- a/src/lxc_container.c
+++ b/src/lxc_container.c
@@ -546,8 +546,9 @@ static int lxcContainerUnmountOldFS(void)
     }
     endmntent(procmnt);

-    qsort(mounts, nmounts, sizeof(mounts[0]),
-          lxcContainerChildMountSort);
+    if (mounts)
+        qsort(mounts, nmounts, sizeof(mounts[0]),
+              lxcContainerChildMountSort);

     for (i = 0 ; i < nmounts ; i++) {
         VIR_DEBUG("Umount %s", mounts[i]);
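
Review bot: The added guard tests `mounts`, while the loop directly below it is bounded by `nmounts`, so the fix relies on mounts being NULL only when nmounts is 0. Testing `if (nmounts)` would state that invariant directly; otherwise a short comment saying the two are kept in step would help the next reader.
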
--
1.6.4.2.395.ge3d52


>From 4e97befca175af427ed3b75f59e67cd620ee3ce2 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering at redhat.com>
Date: Wed, 2 Sep 2009 10:02:49 +0200
Subject: [PATCH 4/4] lxc: don't unlink(NULL) in main

* src/lxc_controller.c (main): Unlink sockpath only if it's non-NULL.
---
 src/lxc_controller.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/lxc_controller.c b/src/lxc_controller.c
index 8d11238..914c10a 100644
--- a/src/lxc_controller.c
+++ b/src/lxc_controller.c
@@ -803,7 +803,8 @@ cleanup:
     if (def)
         virFileDeletePid(LXC_STATE_DIR, def->name);
     lxcControllerCleanupInterfaces(nveths, veths);
-    unlink(sockpath);
+    if (sockpath):
+        unlink(sockpath);
     VIR_FREE(sockpath);

     return rc;
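
Review bot: The added line `if (sockpath):` ends in a colon, which is not valid C and will not compile. It should read `if (sockpath)` with the `unlink(sockpath);` line indented beneath it, matching the `if (def)` guard three lines above.
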
--
1.6.4.2.395.ge3d52



