[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH] qemu: avoid null pointer dereference

This code has had problems historically.  As originally
written, in commit 6bcf2501 (Jun 08), it could call unlink
on a random string, nuking an unrelated file.

Then commit 182a80b9 (Sep 09), the code was rewritten to
allocate tmp, with both a use-after-free bug and a chance to
call unlink(NULL).

Commit e206946 (Mar 11) fixed the use-after-free, but not the
NULL dereference.  Thanks to clang for catching this!

* src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Don't call
unlink on NULL.
 src/qemu/qemu_driver.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 16d869d..3ee4720 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5355,7 +5355,8 @@ endjob:

-    unlink (tmp);
+    if (tmp)
+        unlink (tmp);
     if (vm)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]