[libvirt] [PATCH 2/5] openvzGetProcessInfo: address clang-detected low-probability flaw
Eric Blake
eblake at redhat.com
Wed Apr 14 14:16:13 UTC 2010
On 04/14/2010 02:46 AM, Jim Meyering wrote:
> From: Jim Meyering <meyering at redhat.com>
>
> * src/openvz/openvz_driver.c (openvzGetProcessInfo): Reorganize
> so that unexpected /proc/vz/vestat content cannot make us use
> uninitialized variables. Without this change, an input line with
> a matching "readvps", but fewer than 4 numbers would result in our
> using at least "systime" uninitialized.
> ---
> src/openvz/openvz_driver.c | 30 +++++++++++++++---------------
> 1 files changed, 15 insertions(+), 15 deletions(-)
>
> diff --git a/src/openvz/openvz_driver.c b/src/openvz/openvz_driver.c
> index 95c4236..47004d6 100644
> --- a/src/openvz/openvz_driver.c
> +++ b/src/openvz/openvz_driver.c
> @@ -1384,14 +1384,15 @@ static int openvzGetProcessInfo(unsigned long long *cpuTime, int vpsid) {
> int fd;
> char line[1024] ;
> unsigned long long usertime, systime, nicetime;
> - int readvps = 0, ret;
> + int readvps = vpsid + 1; /* ensure readvps is initially different */
> + int ret;
>
> - if (sscanf(line, "%d %llu %llu %llu",
> - &readvps, &usertime, &nicetime, &systime) != 4)
> - continue;
> -
> - if (readvps == vpsid)
> - break; /*found vpsid*/
> + if (sscanf (line, "%d %llu %llu %llu",
> + &readvps, &usertime, &nicetime, &systime) == 4
> + && readvps == vpsid) { /*found vpsid*/
> + /* convert jiffies to nanoseconds */
> + *cpuTime = (1000ull * 1000ull * 1000ull
> + * (usertime + nicetime + systime)
> + / (unsigned long long)sysconf(_SC_CLK_TCK));
> + break;
> + }
ACK that the rewrite fixes the problem. However, there's still the
issue that we're using sscanf in the first place, instead of
virStrToLong_ull; do you want to prepare a followup patch, or shall I?
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 323 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20100414/5523e019/attachment-0001.sig>
More information about the libvir-list
mailing list