[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] phyp: Fixing possible buffer overflow



On 07/15/2010 08:01 PM, Laine Stump wrote:
> Here's a stab at doing it this way. I haven't even compiled it, but
> you can give it a try and see if it solves your problem.

I _have_ compiled it, and double-checked it for any obvious logic flaws.
 There's a subtle change in semantics:

> +    /* I need to parse the textual return in order to get the ids */
> +    line = ret;
> +    got = 0;
> +    while (*line && got < nids) {
> +        if (virStrToLong_i(line, &next_line, 10, &ids[got]) == -1) {
> +            VIR_ERROR(_("Cannot parse number from '%s'"), line);
> +            got = -1;
> +            goto err;
>          }
> +        got++;
> +        line = next_line;
> +        while (*line == '\n')
> +            line++; /* skip \n */
>      }
>  
> -    VIR_FREE(cmd);
> -    VIR_FREE(ret);
> -    return got;
> -
>    err:
>      VIR_FREE(cmd);
>      VIR_FREE(ret);
> -    return -1;
> +    return got;
>  }

Before, this always returned -1 on failure.  But now, if you parse one
line before failing to parse the second, it returns 1.  I think the err:
label should continue to return -1 on failure.

ACK with that change.

-- 
Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]