[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH] qemu: avoid null pointer dereference



This code has had problems historically.  As originally
written, in commit 6bcf2501 (Jun 08), it could call unlink
on a random string, nuking an unrelated file.

Then commit 182a80b9 (Sep 09), the code was rewritten to
allocate tmp, with both a use-after-free bug and a chance to
call unlink(NULL).

Commit e206946 (Mar 11) fixed the use-after-free, but not the
NULL dereference.  Thanks to clang for catching this!

* src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Don't call
unlink on NULL.
---
 src/qemu/qemu_driver.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 16d869d..3ee4720 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5355,7 +5355,8 @@ endjob:

 cleanup:
     VIR_FORCE_CLOSE(fd);
-    unlink (tmp);
+    if (tmp)
+        unlink (tmp);
     VIR_FREE(tmp);
     if (vm)
         virDomainObjUnlock(vm);
-- 
1.7.4.4


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]