[libvirt] [PATCH 2/5] openvzGetProcessInfo: address clang-detected low-probability flaw
Jim Meyering
jim at meyering.net
Wed Apr 14 14:20:27 UTC 2010
Eric Blake wrote:
> On 04/14/2010 02:46 AM, Jim Meyering wrote:
>> From: Jim Meyering <meyering at redhat.com>
>>
>> * src/openvz/openvz_driver.c (openvzGetProcessInfo): Reorganize
>> so that unexpected /proc/vz/vestat content cannot make us use
>> uninitialized variables. Without this change, an input line with
>> a matching "readvps", but fewer than 4 numbers would result in our
>> using at least "systime" uninitialized.
>> ---
>> src/openvz/openvz_driver.c | 30 +++++++++++++++---------------
>> 1 files changed, 15 insertions(+), 15 deletions(-)
>>
>> diff --git a/src/openvz/openvz_driver.c b/src/openvz/openvz_driver.c
>> index 95c4236..47004d6 100644
>> --- a/src/openvz/openvz_driver.c
>> +++ b/src/openvz/openvz_driver.c
>> @@ -1384,14 +1384,15 @@ static int openvzGetProcessInfo(unsigned long long *cpuTime, int vpsid) {
>> int fd;
>> char line[1024] ;
>> unsigned long long usertime, systime, nicetime;
>> - int readvps = 0, ret;
>> + int readvps = vpsid + 1; /* ensure readvps is initially different */
>> + int ret;
>>
>> - if (sscanf(line, "%d %llu %llu %llu",
>> - &readvps, &usertime, &nicetime, &systime) != 4)
>> - continue;
>> -
>> - if (readvps == vpsid)
>> - break; /*found vpsid*/
>> + if (sscanf (line, "%d %llu %llu %llu",
>> + &readvps, &usertime, &nicetime, &systime) == 4
>> + && readvps == vpsid) { /*found vpsid*/
>> + /* convert jiffies to nanoseconds */
>> + *cpuTime = (1000ull * 1000ull * 1000ull
>> + * (usertime + nicetime + systime)
>> + / (unsigned long long)sysconf(_SC_CLK_TCK));
>> + break;
>> + }
>
> ACK that the rewrite fixes the problem. However, there's still the
Thanks for the review.
> issue that we're using sscanf in the first place, instead of
> virStrToLong_ull; do you want to prepare a followup patch, or shall I?
I am in no big hurry on that front, at least not for this
particular case, where the risk of bogus input is probably negligible.
More information about the libvir-list
mailing list