[libvirt] [PATCH] cpu_x86.c: avoid NULL-deref for invalid arguments
Jim Meyering
jim at meyering.net
Mon Feb 1 16:27:27 UTC 2010
Jiri Denemark wrote:
>> Passing a NULL "models" pointer along with a
>> contradictory "nmodels >= 1" would cause a NULL-dereference.
>>
>> An alternative to the fix below would be simply to guard
>> the NULL-dereferencing strcmp with "if (models ...",
>> but that wouldn't tell the caller that they're passing
>> bogus arguments.
> ...
>> diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
>> index dae7c90..47dc400 100644
>> --- a/src/cpu/cpu_x86.c
>> +++ b/src/cpu/cpu_x86.c
>> @@ -1,7 +1,7 @@
>> /*
>> * cpu_x86.c: CPU driver for CPUs with x86 compatible CPUID instruction
>> *
>> - * Copyright (C) 2009 Red Hat, Inc.
>> + * Copyright (C) 2009-2010 Red Hat, Inc.
>> *
>> * This library is free software; you can redistribute it and/or
>> * modify it under the terms of the GNU Lesser General Public
>> @@ -954,6 +954,9 @@ x86Decode(virCPUDefPtr cpu,
>> if (data == NULL || (map = x86LoadMap()) == NULL)
>> return -1;
>>
>> + if (models == NULL && nmodels != 0)
>> + return -1;
>> +
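Review bot: the new `return -1` under `if (models == NULL && nmodels != 0)` comes after `(map = x86LoadMap())` has already succeeded, so this exit path returns without releasing `map`. Put the argument test ahead of the `x86LoadMap()` call, for example as the first operand of the existing `data == NULL || ...` condition, or release `map` before returning. The branch also returns -1 without reporting anything, so the caller still cannot tell which argument was rejected, which was the stated reason for preferring this over a plain guard around the strcmp.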
>
> Hmm, this check introduces a possible memory leak, as it exits the function
> without freeing map. We could just move the check at the beginning of the
> function but since this is a private architecture specific implementation for
> cpuDecode, I'd rather move the check one level up to the arch independent
> entry point. A patch for that is attached.
BTW, I've just pushed this.