[libvirt] [PATCH 2/2] util: Avoid possible NULL dereference in virSysinfoParsePPCProcessor

John Ferlan jferlan at redhat.com
Tue Mar 7 12:15:42 UTC 2017


Found by Coverity. Because there's an "if ((cur = strstr(base, "revision"))
 != NULL) {" followed by a "base = cur" coverity notes that 'base' could
then be NULL causing the return to the top of the "while ((tmp_base =
strstr(base, "processor")) != NULL) {" to have strstr deref a NULL 'base'
pointer because the setting of base at the bottom of the loop is unconditional.

Alter the code to set "base = cur" after processing each key. That will
"ensure" that base doesn't get set to NULL if both "cpu" and "revision"
do no follow a "processor".

While a /proc/cpuinfo file that has a "processor" key but with neither
a "cpu" nor a "revision" doesn't seem feasible, the code is written as if
it could happen, so we have to account for it.

Signed-off-by: John Ferlan <jferlan at redhat.com>
---
 src/util/virsysinfo.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/util/virsysinfo.c b/src/util/virsysinfo.c
index 14c17a8..8d3377c 100644
--- a/src/util/virsysinfo.c
+++ b/src/util/virsysinfo.c
@@ -231,6 +231,7 @@ virSysinfoParsePPCProcessor(const char *base, virSysinfoDefPtr ret)
         if (eol && VIR_STRNDUP(processor->processor_socket_destination,
                                cur, eol - cur) < 0)
             return -1;
+        base = cur;
 
         if ((cur = strstr(base, "cpu")) != NULL) {
             cur = strchr(cur, ':') + 1;
@@ -239,6 +240,7 @@ virSysinfoParsePPCProcessor(const char *base, virSysinfoDefPtr ret)
             if (eol && VIR_STRNDUP(processor->processor_type,
                                    cur, eol - cur) < 0)
                 return -1;
+            base = cur;
         }
 
         if ((cur = strstr(base, "revision")) != NULL) {
@@ -248,9 +250,9 @@ virSysinfoParsePPCProcessor(const char *base, virSysinfoDefPtr ret)
             if (eol && VIR_STRNDUP(processor->processor_version,
                                    cur, eol - cur) < 0)
                 return -1;
+            base = cur;
         }
 
-        base = cur;
     }
 
     return 0;
-- 
2.9.3




More information about the libvir-list mailing list