[libvirt] [PATCH 1/4] Use explicit boolean comparison in OOM check

Daniel P. Berrange berrange at redhat.com
Thu Feb 23 09:27:02 UTC 2017 

On Thu, Feb 23, 2017 at 09:41:12AM +0100, Michal Privoznik wrote:
> On 02/22/2017 06:52 PM, Daniel P. Berrange wrote:
> > GCC 7 gets upset by
> > 
> >    if (!tmp && (size * count))
> > 
> > warning
> > 
> >   util/viralloc.c: In function 'virReallocN':
> >   util/viralloc.c:246:23: error: '*' in boolean context, suggest '&&' instead [-Werror=int-in-bool-context]
> >      if (!tmp && (size * count)) {
> >                  ~~~~~~^~~~~~~~
> > 
> > Keep it happy by adding != 0 to the right hand expression
> > so it realizes we really are wanting to treat the result
> > of the arithmetic expression as a boolean
> > 
> > Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> > ---
> >  src/util/viralloc.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/src/util/viralloc.c b/src/util/viralloc.c
> > index 812aa5b..81f99d9 100644
> > --- a/src/util/viralloc.c
> > +++ b/src/util/viralloc.c
> > @@ -243,7 +243,7 @@ int virReallocN(void *ptrptr,
> >          return -1;
> >      }
> >      tmp = realloc(*(void**)ptrptr, size * count);
> > -    if (!tmp && (size * count)) {
> > +    if (!tmp && ((size * count) != 0)) {
> >          if (report)
> >              virReportOOMErrorFull(domcode, filename, funcname, linenr);
> >          return -1;
> > 
> 
> This is just stupid. I mean the warning, not your fix.

It is a warning that is certainly going to trigger a non-negligible
number of false positives across various codebases, but I don't think
it is stupid. The pattern it is looking for here with mixed integer
and boolean operators has been a repeated source of bugs in software
and a number of them have resulted in CVEs before when they've been
mis-handling untrusted input validation or breaking crypto algorithms,
etc. 

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|

More information about the libvir-list mailing list