[libvirt] [PATCH] vbox: Fix segfault on empty device source

Eric Blake eblake at redhat.com
Mon Mar 22 21:05:33 UTC 2010


On 03/22/2010 02:40 PM, Matthias Bolte wrote:
> <source file=''/> results in def->disks[i]->src == NULL. But
> vboxDomainDefineXML didn't check def->disks[i]->src for NULL
> and expected it to be a valid string.
> 
> Add checks for def->disks[i]->src != NULL to fix the segfault.

ACK, but did you catch all the places?  For example,

> @@ -3519,7 +3519,8 @@ static virDomainPtr vboxDomainDefineXML(virConnectPtr conn, const char *xml) {
>                  DEBUG("disk(%d) shared:     %s", i, def->disks[i]->shared ? "True" : "False");
>  
>                  if (def->disks[i]->device == VIR_DOMAIN_DISK_DEVICE_CDROM) {
> -                    if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_FILE) {
> +                    if (def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_FILE &&
> +                        def->disks[i]->src != NULL) {
>                          IDVDDrive *dvdDrive = NULL;
>                          /* Currently CDROM/DVD Drive is always IDE
>                           * Secondary Master so neglecting the following
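
Review bot: In the CDROM branch, folding `def->disks[i]->src != NULL` into the `def->disks[i]->type == VIR_DOMAIN_DISK_TYPE_FILE` test means a file-backed CDROM with an empty source now skips the DVD attach block silently, and nothing in the hunk records that this is intended. A short comment next to the new condition stating that `<source file=''/>` yields `src == NULL` and is treated as a drive with no media, or a DEBUG line for the skipped case, would document the behaviour. It is also worth confirming that whatever follows this `if` (not visible in the hunk) handles a file-type CDROM with a NULL source sensibly, since that case used to enter this block.
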
> @@ -3801,7 +3802,8 @@ static virDomainPtr vboxDomainDefineXML(virConnectPtr conn, const char *xml) {

in between these two line ranges, I see a usage at line 3591 under
def->disks[i]->device==VIR_DOMAIN_DISK_TYPE_DISK that seems like it
could be vulnerable to the same problem.

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
