[PATCH 01/25] conf, vmx: check for OOM after calling xmlBufferCreate()

Ján Tomko jtomko at redhat.com
Thu Jun 25 22:02:18 UTC 2020

On a Wednesday in 2020, Laine Stump wrote:
>Although libvirt itself uses g_malloc0() and friends, which exit when
>there isn't enouogh memory, libxml2 uses standard malloc(), which just
>returns NULL on OOM - this means we must check for NULL on return from
>any libxml2 functions that allocate memory.
>xmlBufferCreate(), for example, might return NULL, and we don't always
>check for it. This patch adds checks where it isn't already done.
>(NB: Although libxml2 has a provision for changing behavior on OOM (by
>calling xmlMemSetup() to change what functions are used to
>allocating/freeing memory), we can't use that, since parts of libvirt
>code end up in libvirt.so, which is linked and called directly by
>applications that may themselves use libxml2 (and may have already set
>their own alternate malloc()), e.g. drivers like esx which live totally
>in the library rather than a separate process.)
>Signed-off-by: Laine Stump <laine at redhat.com>
> src/conf/domain_conf.c  | 6 +++++-
> src/conf/network_conf.c | 6 +++++-
> src/vmx/vmx.c           | 7 +++++--
> 3 files changed, 15 insertions(+), 4 deletions(-)
>diff --git a/src/vmx/vmx.c b/src/vmx/vmx.c
>index f2248cef53..fa9766995c 100644
>--- a/src/vmx/vmx.c
>+++ b/src/vmx/vmx.c
>@@ -708,8 +708,11 @@ virVMXConvertToUTF8(const char *encoding, const char *string)
>         return NULL;
>     }
>-    input = xmlBufferCreateStatic((char *)string, strlen(string));
>-    utf8 = xmlBufferCreate();
>+    if (!(input = xmlBufferCreateStatic((char *)string, strlen(string))) ||
>+        !(utf8 = xmlBufferCreate())) {

My Clang complains that 'utf8' might be used uninitialized if the first
part of the condition is true.

>+        virReportOOMError();
>+        goto cleanup;
>+    }
>     if (xmlCharEncInFunc(handler, utf8, input) < 0) {
>         virReportError(VIR_ERR_INTERNAL_ERROR,

With 'utf8' initialized:
Reviewed-by: Ján Tomko <jtomko at redhat.com>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20200626/9f325bfa/attachment-0001.sig>

More information about the libvir-list mailing list