[libvirt] [PATCH v2] test_driver: implement virDomainGetDiskErrors

Tue May 14 10:50:37 UTC 2019

On Tue, May 14, 2019 at 12:40 PM John Ferlan <jferlan at redhat.com> wrote:
>
>
>
> On 5/13/19 9:04 AM, Ilias Stamatis wrote:
> > On Mon, May 13, 2019 at 2:38 PM Michal Privoznik <mprivozn at redhat.com> wrote:
> >>
> >> On 5/13/19 1:26 AM, Ilias Stamatis wrote:
> >>> Return the number of disks present in the configuration of the test
> >>> domain when called with @errors as NULL and @maxerrors as 0.
> >>>
> >>> Otherwise report an error for every second disk, assigning available
> >>> error codes in a cyclic order.
> >>>
> >>> Signed-off-by: Ilias Stamatis <stamatis.iliass at gmail.com>
> >>> ---
> >>>   src/test/test_driver.c | 42 ++++++++++++++++++++++++++++++++++++++++++
> >>>   1 file changed, 42 insertions(+)
> >>>
> >>> diff --git a/src/test/test_driver.c b/src/test/test_driver.c
> >>> index a06d1fc402..527c2f5d3b 100644
> >>> --- a/src/test/test_driver.c
> >>> +++ b/src/test/test_driver.c
> >>> @@ -3046,6 +3046,47 @@ static int testDomainSetAutostart(virDomainPtr domain,
> >>>       return 0;
> >>>   }
> >>>
> >>> +static int testDomainGetDiskErrors(virDomainPtr dom,
> >>> +                                   virDomainDiskErrorPtr errors,
> >>> +                                   unsigned int maxerrors,
> >>> +                                   unsigned int flags)
> >>> +{
>
> [...]
>
> >>> +            n++;
> >>> +        }
> >>> +        ret = n;
> >>> +    }
> >>> +
> >>> + cleanup:
> >>> +    virDomainObjEndAPI(&vm);
> >>> +    if (ret < 0) {
> >>> +        for (i = 0; i < n; i++)
> >>> +            VIR_FREE(errors[i].disk);
> >>> +    }
>
> The above got changed to :
>
> + cleanup:
> +    virDomainObjEndAPI(&vm);
> +    if (ret < 0) {
> +        for (i = 0; i < MIN(vm->def->ndisks, maxerrors); i++)
> +            VIR_FREE(errors[i].disk);
> +    }

I think this change is incorrect and a bug lies in here.

If VIR_STRDUP fails above, memory for less than MIN(vm->def->ndisks,
maxerrors) will have been allocated, and then in the cleanup code
we'll call VIR_FREE with pointers that haven't been previously
allocated.

>
> and Coverity got a wee bit grumpy for a couple of reasons...
>
>   - The virDomainObjEndAPI will set @vm = NULL which makes the MIN
> statement quite unhappy if ret < 0
>   - However, just moving that to after the if condition isn't good
> enough since the testDomObjFromDomain could causes us to jump to
> cleanup: with @vm = NULL (easily solved by return -1 there instead).
>
> John
>
>
>
> [...]