[libvirt] [PATCH] qemu: Alter condition to avoid possible NULL deref
Michal Privoznik
mprivozn at redhat.com
Mon Feb 12 07:14:36 UTC 2018
On 02/09/2018 04:33 PM, John Ferlan wrote:
> Commit 'f0f2a5ec2' neglected to adjust the if condition to split
> out the possibility that the @watchdog is NULL when altering the
> message to add detail about the model.
>
> Just split out the condition and use previous/original message, but
> with the new message code.
>
> Found by Coverity
>
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
> src/qemu/qemu_hotplug.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
> index c7bf25eee..3291ce613 100644
> --- a/src/qemu/qemu_hotplug.c
> +++ b/src/qemu/qemu_hotplug.c
> @@ -5159,11 +5159,16 @@ qemuDomainDetachWatchdog(virQEMUDriverPtr driver,
> virDomainWatchdogDefPtr watchdog = vm->def->watchdog;
> qemuDomainObjPrivatePtr priv = vm->privateData;
>
> + if (!watchdog) {
> + virReportError(VIR_ERR_DEVICE_MISSING, "%s",
> + _("watchdog device not present in domain configuration"));
> + return -1;
> + }
> +
> /* While domains can have up to one watchdog, the one supplied by the user
> * doesn't necessarily match the one domain has. Refuse to detach in such
> * case. */
> - if (!(watchdog &&
> - watchdog->model == dev->model &&
> + if (!(watchdog->model == dev->model &&
> watchdog->action == dev->action &&
> virDomainDeviceInfoAddressIsEqual(&dev->info, &watchdog->info))) {
> virReportError(VIR_ERR_DEVICE_MISSING,
>
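Review bot: the commit message and subject do not say where the NULL dereference actually happens, and the hunk alone makes that hard to see, because the removed `if (!(watchdog &&` already short-circuits when @watchdog is NULL. The unsafe access is in the error path that follows the condition, where the message introduced by f0f2a5ec2 reads the watchdog's model. Suggest saying so in the commit message and adjusting the subject, since the condition itself was not the bug. With the early `if (!watchdog)` return in place, dropping `watchdog &&` from the second condition is safe, and reusing VIR_ERR_DEVICE_MISSING keeps the error code consistent between the two paths.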
Oh I see now. The problem is not with the condition, but this
virReportError() uses watchdog->model (for better message) which is
dangerous in case @watchdog == NULL. I thought that there's something bad
with the condition itself.
ACK
Michal