[libvirt] [PATCH 3/7] nwfilter_ebiptables_driver.c: avoid NULL dereference

Stefan Berger stefanb at us.ibm.com
Thu Apr 15 00:04:20 UTC 2010


libvir-list-bounces at redhat.com wrote on 04/14/2010 01:40:17 PM:


> Please respond to "Daniel P. Berrange"
> 
> On Wed, Apr 14, 2010 at 06:02:32PM +0200, Jim Meyering wrote:
> > From: Jim Meyering <meyering at redhat.com>
> > 
> > * src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesApplyNewRules):
> > Don't dereference a NULL or uninitialized pointer when given
> > an empty list of rules.  Add an sa_assert(inst) in each loop to
> > tell clang that the uses of "inst[i]" are valid.
> > ---
> >  src/nwfilter/nwfilter_ebiptables_driver.c |    8 +++++---
> >  1 files changed, 5 insertions(+), 3 deletions(-)
> > 
> > diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/
> nwfilter/nwfilter_ebiptables_driver.c
> > index b481b4c..f54099f 100644
> > --- a/src/nwfilter/nwfilter_ebiptables_driver.c
> > +++ b/src/nwfilter/nwfilter_ebiptables_driver.c
> > @@ -2834,11 +2834,11 @@ ebiptablesApplyNewRules(virConnectPtr conn
> ATTRIBUTE_UNUSED,
> >      bool haveIptables = false;
> >      bool haveIp6tables = false;
> > 
> > -    if (inst)
> > -        qsort(inst, nruleInstances, sizeof(inst[0]),
> > -              ebiptablesRuleOrderSort);
> > +    if (nruleInstances > 1 && inst)
> > +        qsort(inst, nruleInstances, sizeof(inst[0]), 
> ebiptablesRuleOrderSort);
> > 
> >      for (i = 0; i < nruleInstances; i++) {
> > +        sa_assert (inst);
> >          if (inst[i]->ruleType == RT_EBTABLES) {
> >              if (inst[i]->chainprefix == CHAINPREFIX_HOST_IN_TEMP)
> >                  chains_in  |= (1 << inst[i]->neededProtocolChain);
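
Review bot: the sa_assert (inst) at the top of the first loop is, per the commit message, there to tell clang that inst[i] is valid, and nothing in the visible lines adds a run-time check. A call with nruleInstances > 0 and inst == NULL would therefore still reach inst[i]->ruleType. If that combination can occur, an explicit check before the loop would guard it, and the assert could then sit once ahead of the for instead of in every iteration.
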
> > @@ -2881,6 +2881,7 @@ ebiptablesApplyNewRules(virConnectPtr conn 
> ATTRIBUTE_UNUSED,
> >          goto tear_down_tmpebchains;
> > 
> >      for (i = 0; i < nruleInstances; i++)
> > +        sa_assert (inst);
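
Review bot: the second loop's "for (i = 0; i < nruleInstances; i++)" has no braces, so the added "sa_assert (inst);" becomes its entire body. The statement that used to be the body now runs once after the loop with i == nruleInstances, indexing one past the end of inst. This holds even if sa_assert expands to nothing, since the remaining ";" is still the loop body. Wrap the body in braces, or place the sa_assert before the for.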


Due to this statement here I get segmentation faults for which there is no 
reason. I have no idea why that is but I have to deactivate this line for 
it to work again.
The same is not true for the statement further above...  So strange.

   Stefan