[libvirt] [PATCH 1/3] vircommand: Ensure buffers are NULL-terminated
Daniel P. Berrangé
berrange at redhat.com
Tue Feb 5 15:23:56 UTC 2019
On Tue, Feb 05, 2019 at 04:16:21PM +0100, Andrea Bolognani wrote:
> The memory allocated by VIR_REALLOC_N() is uninitialized,
> which means it's not possible to figure out whether any
> output was produced at all after the fact.
I really wish we had never added the VIR_REALLOC_N function.
One of the best things about VIR_ALLOC/VIR_EXPAND/VIR_RESIZE
is that they remove all bugs related to use of uninitialized
memory. We really ought to try to eliminate use of VIR_REALLOC_N
in favour of the other safer functions throughout the code.
>
> Signed-off-by: Andrea Bolognani <abologna at redhat.com>
> ---
> src/util/vircommand.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/src/util/vircommand.c b/src/util/vircommand.c
> index d965068369..6e9e56d0c0 100644
> --- a/src/util/vircommand.c
> +++ b/src/util/vircommand.c
> @@ -2057,11 +2057,13 @@ virCommandProcessIO(virCommandPtr cmd)
> outfd = cmd->outfd;
> if (VIR_REALLOC_N(*cmd->outbuf, 1) < 0)
> ret = -1;
> + *cmd->outbuf[0] = '\0';
> }
> if (cmd->errbuf) {
> errfd = cmd->errfd;
> if (VIR_REALLOC_N(*cmd->errbuf, 1) < 0)
> ret = -1;
> + *cmd->errbuf[0] = '\0';
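Review bot: Both added stores to the first byte (for outbuf and for errbuf) sit after the "if (VIR_REALLOC_N(...) < 0) ret = -1;" statement rather than in an else branch, so they still execute when the reallocation has just failed and the buffer may not be valid to write to. Suggest writing the terminator only on the success path, for example by putting the assignment in an else. As a style point, *cmd->outbuf[0] parses as *(cmd->outbuf[0]); for index 0 that addresses the same byte as (*cmd->outbuf)[0], but the parenthesised form states the intent and stays correct if the index ever changes.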
Here we don't really care about the original contents of outbuf/errbuf.
I'd probably go for making that explicit by replacing VIR_REALLOC_N
with VIR_FREE + VIR_ALLOC_N.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
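
The point made in this message about zero-filling allocation helpers, shown as an added example that is not part of the original mail and is not libvirt's code: a capture buffer that only ever grows through a zeroing expand step, so it is terminated even when no output arrives. The names buf_expand_zeroed, capture_init and capture_append are hypothetical, and plain realloc/free stand in for libvirt's macros.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not libvirt's VIR_EXPAND_N): grow *buf from *len to
 * *len + add bytes and zero the new tail, so no byte is ever uninitialized. */
static int buf_expand_zeroed(char **buf, size_t *len, size_t add)
{
    char *tmp;

    if (add > SIZE_MAX - *len)      /* size computation would overflow */
        return -1;
    tmp = realloc(*buf, *len + add);
    if (!tmp)                       /* *buf and *len are left untouched */
        return -1;
    memset(tmp + *len, 0, add);
    *buf = tmp;
    *len += add;
    return 0;
}

/* Start a capture: drop any old contents (free + fresh allocation) and
 * allocate one zeroed byte, so "no output" reads back as "". */
static int capture_init(char **buf, size_t *len)
{
    free(*buf);
    *buf = NULL;
    *len = 0;
    return buf_expand_zeroed(buf, len, 1);
}

/* Append n bytes of output. The final byte of the buffer is always the
 * zero written by the expand step, so the string stays terminated. */
static int capture_append(char **buf, size_t *len, const char *data, size_t n)
{
    size_t used;

    if (*len == 0)                  /* capture_init() was not called */
        return -1;
    if (n == 0)
        return 0;
    used = *len - 1;                /* output bytes stored before the NUL */
    if (buf_expand_zeroed(buf, len, n) < 0)
        return -1;                  /* old buffer is still valid and terminated */
    memcpy(*buf + used, data, n);
    return 0;
}
```

On every failure path the caller's pointer and length are unchanged, so there is no write through a buffer whose allocation failed.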