[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH v1] xenParseXLDiskSrc: protect against a NULL pointer reference



From: Wim ten Have <wim ten have oracle com>

Working larger code changes whilst testing functionality and domxml
conversion methodology for xen-xl (xenconfig) a cumbersome caveat surfaced
that potentially can take libvirtd out with a SEGV when parsing complex
disk xl.cfg directives.

This patch also includes tests/xlconfigdata adjustments to illustrate
specific disk xl.cfg directive and that way updating test 2-ways.

Running the tests with defensive code fix all will run without trouble,
running it without the code fix testing will trap with below listed
debug transcript.

<wtenhave nina:21-ba$h> VIR_TEST_DEBUG=1 ./run gdb ./tests/xlconfigtest
TEST: xlconfigtest
 1) Xen XL-2-XML Parse  fullvirt-ovmf                   ... OK
 2) Xen XL-2-XML Format fullvirt-ovmf                   ... OK
 3) Xen XL-2-XML Parse  paravirt-maxvcpus               ... OK
 4) Xen XL-2-XML Format paravirt-maxvcpus               ... OK
 5) Xen XL-2-XML Parse  new-disk                        ... OK
 6) Xen XL-2-XML Format new-disk                        ... OK
 7) Xen XL-2-XML Format disk-positional-parms-full      ... OK
 8) Xen XL-2-XML Format disk-positional-parms-partial   ... Program received signal SIGSEGV, Segmentation fault.

(gdb) where
    xlcfg=0x66d2b0 "/home/wtenhave/WORK/libvirt/XOSS/BUGS/libvirt/tests/xlconfigdata/test-disk-positional-parms-partial.cfg",
    xml=0x66d320 "/home/wtenhave/WORK/libvirt/XOSS/BUGS/libvirt/tests/xlconfigdata/test-disk-positional-parms-partial.xml", replaceVars=false) at xlconfigtest.c:152
    body=0x40f32d <testCompareHelper>, data=0x7fffffffd990) at testutils.c:180

(gdb) frame 1
319         if (STRPREFIX(srcstr, "rbd:")) {

(gdb) print srcstr
$1 = 0x0

Signed-off-by: Wim ten Have <wim ten have oracle com>
---
 src/xenconfig/xen_xl.c                                    | 3 ++-
 tests/xlconfigdata/test-disk-positional-parms-partial.cfg | 2 +-
 tests/xlconfigdata/test-disk-positional-parms-partial.xml | 6 ++++++
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/xenconfig/xen_xl.c b/src/xenconfig/xen_xl.c
index 4f24d45..958956a 100644
--- a/src/xenconfig/xen_xl.c
+++ b/src/xenconfig/xen_xl.c
@@ -316,7 +316,8 @@ xenParseXLDiskSrc(virDomainDiskDefPtr disk, char *srcstr)
     char *tmpstr = NULL;
     int ret = -1;
 
-    if (STRPREFIX(srcstr, "rbd:")) {
+    if (srcstr &&
+        STRPREFIX(srcstr, "rbd:")) {
         if (!(tmpstr = virStringReplace(srcstr, "\\\\", "\\")))
             goto cleanup;
 
diff --git a/tests/xlconfigdata/test-disk-positional-parms-partial.cfg b/tests/xlconfigdata/test-disk-positional-parms-partial.cfg
index fd16db0..940304e 100644
--- a/tests/xlconfigdata/test-disk-positional-parms-partial.cfg
+++ b/tests/xlconfigdata/test-disk-positional-parms-partial.cfg
@@ -22,4 +22,4 @@ parallel = "none"
 serial = "none"
 builder = "hvm"
 boot = "d"
-disk = [ "/dev/HostVG/XenGuest2,,hda,,backendtype=phy", "/var/lib/libvirt/images/XenGuest2-home,,hdb,,", "/root/boot.iso,,hdc,,devtype=cdrom" ]
+disk = [ "/dev/HostVG/XenGuest2,,hda,,backendtype=phy", "/var/lib/libvirt/images/XenGuest2-home,,hdb,,", "/root/boot.iso,,hdc,,devtype=cdrom" , "format=raw,vdev=hdd,access=ro,devtype=cdrom" ]
diff --git a/tests/xlconfigdata/test-disk-positional-parms-partial.xml b/tests/xlconfigdata/test-disk-positional-parms-partial.xml
index e86a5be..52b21dc 100644
--- a/tests/xlconfigdata/test-disk-positional-parms-partial.xml
+++ b/tests/xlconfigdata/test-disk-positional-parms-partial.xml
@@ -39,6 +39,12 @@
       <readonly/>
       <address type='drive' controller='0' bus='1' target='0' unit='0'/>
     </disk>
+    <disk type='file' device='cdrom'>
+      <driver name='qemu' type='raw'/>
+      <target dev='hdd' bus='ide'/>
+      <readonly/>
+      <address type='drive' controller='0' bus='1' target='0' unit='1'/>
+    </disk>
     <controller type='ide' index='0'/>
     <interface type='bridge'>
       <mac address='00:16:3e:66:92:9c'/>
-- 
2.9.4


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]