[libvirt] [PATCH] virsh: Avoid division by 0 in vshCalloc

Daniel P. Berrange berrange at redhat.com
Wed Jul 4 09:09:42 UTC 2012


On Wed, Jul 04, 2012 at 11:05:40AM +0200, Peter Krempa wrote:
> vshCalloc function uses xalloc_oversized macro that can't take 0 as its
> second argument. If vshCalloc is called with size 0, virsh ends with a
> floating point exception.
> 
> This patch changes vshCalloc to return NULL if no memory is requested.
> ---
>  tools/virsh.c |    3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)
> 
> diff --git a/tools/virsh.c b/tools/virsh.c
> index 53d1825..d3d5c6a 100644
> --- a/tools/virsh.c
> +++ b/tools/virsh.c
> @@ -460,6 +460,9 @@ _vshCalloc(vshControl *ctl, size_t nmemb, size_t size, const char *filename, int
>  {
>      char *x;
> 
> +    if (!size)
> +        return NULL;
> +
>      if (!xalloc_oversized(nmemb, size) &&
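Review bot: The early `return NULL` for `size == 0`, placed just before the `xalloc_oversized(nmemb, size)` check, hands callers a NULL with no comment or documentation saying that NULL can now mean "nothing requested" rather than an error. Any caller that treats a NULL result as allocation failure will misread a zero-size request. Please document the new return contract at the function, and say whether `nmemb == 0` should get the same treatment, since only `size` is tested here. The guard also protects only this one call site of the macro.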


IMHO this div-by-zero problem is a bug in the xalloc_oversized
macro & we should fix it there. The scenario seen here in virsh
is fairly common, and so div-by-zero could affect any other
usage of that macro.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
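An added example, not code from this thread, libvirt or gnulib: an overflow check for `nmemb * size` that tests for a zero size before dividing, so every caller is protected at the check itself. The names `mul_oversized`, `checked_calloc` and the `ALLOC_*` codes are hypothetical, and the division-based shape of the check is an assumption drawn from the floating point exception described above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical status codes: a zero-size request is reported as success,
 * so callers can tell it apart from overflow or out-of-memory. */
enum { ALLOC_OK = 0, ALLOC_OVERFLOW = -1, ALLOC_NOMEM = -2 };

/* Hypothetical helper (not gnulib's xalloc_oversized): returns 1 when
 * nmemb * size does not fit in size_t. The zero test runs before the
 * division, so size == 0 can never raise SIGFPE. */
static int mul_oversized(size_t nmemb, size_t size)
{
    if (size == 0)
        return 0;                 /* zero bytes requested: cannot overflow */
    return nmemb > SIZE_MAX / size;
}

/* Hypothetical calloc wrapper built on the guarded check. *out is NULL
 * unless memory was actually allocated. */
static int checked_calloc(void **out, size_t nmemb, size_t size)
{
    *out = NULL;
    if (mul_oversized(nmemb, size))
        return ALLOC_OVERFLOW;
    if (nmemb == 0 || size == 0)
        return ALLOC_OK;          /* nothing to allocate, not an error */
    *out = calloc(nmemb, size);
    return *out ? ALLOC_OK : ALLOC_NOMEM;
}

int main(void)
{
    void *p;
    /* Constructed inputs: zero size, an overflowing pair, a normal request. */
    printf("size 0   -> %d\n", checked_calloc(&p, 4, 0));
    printf("overflow -> %d\n", checked_calloc(&p, SIZE_MAX, 8));
    printf("normal   -> %d\n", checked_calloc(&p, 4, 8));
    free(p);
    return 0;
}
```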