[libvirt] [PATCH] virConfSaveValue: protect against a NULL pointer reference
Jim Fehlig
jfehlig at suse.com
Thu Apr 13 17:12:36 UTC 2017
Wim Ten Have wrote:
> From: Wim ten Have <wim.ten.have at oracle.com>
Sorry for the delay. I've not had time to work on upstream libvirt activities
recently...
>
> Fix xlconfigtest runs build for --enable-test-oom on
> Xen XL-2-XML Parse channel-pty
>
> Program received signal SIGSEGV, Segmentation fault.
>
> #0 0x00007ffff3c2b373 in __strchr_sse2 () from /lib64/libc.so.6
> ==> #1 0x00007ffff7875701 in virConfSaveValue (buf=buf at entry=0x7fffffffd8a0, val=val at entry=0x674750) at util/virconf.c:290
> #2 0x00007ffff7875668 in virConfSaveValue (buf=buf at entry=0x7fffffffd8a0, val=<optimized out>) at util/virconf.c:306
> #3 0x00007ffff78757ef in virConfSaveEntry (buf=buf at entry=0x7fffffffd8a0, cur=cur at entry=0x674780) at util/virconf.c:338
> #4 0x00007ffff78783eb in virConfWriteMem (memory=0x665570 "", len=len at entry=0x7fffffffd910, conf=conf at entry=0x65b940)
> at util/virconf.c:1543
> #5 0x000000000040eccb in testCompareParseXML (replaceVars=<optimized out>, xml=<optimized out>,
> xlcfg=0x662c00 "/home/wtenhave/WORK/libvirt/OOMtesting/libvirt-devel/tests/xlconfigdata/test-channel-pty.cfg")
> at xlconfigtest.c:108
> #6 testCompareHelper (data=<optimized out>) at xlconfigtest.c:205
> #7 0x0000000000410b3a in virTestRun (title=title at entry=0x432cc0 "Xen XL-2-XML Parse channel-pty",
> body=body at entry=0x40e9b0 <testCompareHelper>, data=data at entry=0x7fffffffd9f0) at testutils.c:247
> #8 0x000000000040f322 in mymain () at xlconfigtest.c:278
> #9 0x0000000000411410 in virTestMain (argc=1, argv=0x7fffffffdba8, func=0x40f660 <mymain>) at testutils.c:992
> #10 0x00007ffff3bc0401 in __libc_start_main () from /lib64/libc.so.6
> #11 0x000000000040e86a in _start ()
>
> (gdb) frame 1
> #1 0x00007ffff7875701 in virConfSaveValue (buf=buf at entry=0x7fffffffd8a0, val=val at entry=0x674750) at util/virconf.c:290
> 290 if (strchr(val->str, '\n') != NULL) {
> (gdb) print *val
> $1 = {type = VIR_CONF_STRING, next = 0x0, l = 0, str = 0x0, list = 0x0}
>
> Signed-off-by: Wim ten Have <wim.ten.have at oracle.com>
> ---
> src/util/virconf.c | 18 ++++++++++--------
> 1 file changed, 10 insertions(+), 8 deletions(-)
>
> diff --git a/src/util/virconf.c b/src/util/virconf.c
> index a85a307..9840ca6 100644
> --- a/src/util/virconf.c
> +++ b/src/util/virconf.c
> @@ -287,14 +287,16 @@ virConfSaveValue(virBufferPtr buf, virConfValuePtr val)
> virBufferAsprintf(buf, "%llu", val->l);
> break;
> case VIR_CONF_STRING:
> - if (strchr(val->str, '\n') != NULL) {
> - virBufferAsprintf(buf, "\"\"\"%s\"\"\"", val->str);
> - } else if (strchr(val->str, '"') == NULL) {
> - virBufferAsprintf(buf, "\"%s\"", val->str);
> - } else if (strchr(val->str, '\'') == NULL) {
> - virBufferAsprintf(buf, "'%s'", val->str);
> - } else {
> - virBufferAsprintf(buf, "\"\"\"%s\"\"\"", val->str);
> + if (val->str) {
> + if (strchr(val->str, '\n') != NULL) {
> + virBufferAsprintf(buf, "\"\"\"%s\"\"\"", val->str);
> + } else if (strchr(val->str, '"') == NULL) {
> + virBufferAsprintf(buf, "\"%s\"", val->str);
> + } else if (strchr(val->str, '\'') == NULL) {
> + virBufferAsprintf(buf, "'%s'", val->str);
> + } else {
> + virBufferAsprintf(buf, "\"\"\"%s\"\"\"", val->str);
> + }
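Review bot: In the VIR_CONF_STRING case, a NULL val->str now falls through without writing anything to buf and without any signal to the caller. The diffstat counts 10 insertions, all of them are shown in this hunk, and none is an else branch. The gdb dump in the commit message shows this state (type = VIR_CONF_STRING, str = 0x0) arising in an --enable-test-oom run, so silently skipping it may mask a failed allocation upstream rather than handle a legitimate empty value. Consider reporting an error for this case, or emitting an empty quoted string so the saved entry still carries a value, and add a short comment stating which behaviour is intended. A guard such as `if (!val->str) break;` at the top of the case would also avoid re-indenting the eight existing lines.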
Odd that we've not stumbled across this earlier. But ACK to making this code a
bit more resilient. Patch has been pushed now.
BTW, I noticed a few more OOM test failures in the channel formatting code. Patch
sent. Can you help review it?
https://www.redhat.com/archives/libvir-list/2017-April/msg00740.html
Regards,
Jim