[libvirt] [PATCH] phyp: Fixing possible buffer overflow

Laine Stump laine at laine.org
Fri Aug 6 01:49:25 UTC 2010


On 08/05/2010 04:34 PM, Eric Blake wrote:
> On 07/15/2010 08:01 PM, Laine Stump wrote:
>> Here's a stab at doing it this way. I haven't even compiled it, but
>> you can give it a try and see if it solves your problem.
> I _have_ compiled it, and double-checked it for any obvious logic flaws.
>   There's a subtle change in semantics:
>
>> +    /* I need to parse the textual return in order to get the ids */
>> +    line = ret;
>> +    got = 0;
>> +    while (*line&&  got<  nids) {
>> +        if (virStrToLong_i(line,&next_line, 10,&ids[got]) == -1) {
>> +            VIR_ERROR(_("Cannot parse number from '%s'"), line);
>> +            got = -1;
>> +            goto err;
>>           }
>> +        got++;
>> +        line = next_line;
>> +        while (*line == '\n')
>> +            line++; /* skip \n */
>>       }
>>
>> -    VIR_FREE(cmd);
>> -    VIR_FREE(ret);
>> -    return got;
>> -
>>     err:
>>       VIR_FREE(cmd);
>>       VIR_FREE(ret);
>> -    return -1;
>> +    return got;
>>   }
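Review bot: the `err:` label at the end of this hunk is now reached on the success path as well, because the earlier `VIR_FREE`/`return got;` block was removed and both paths fall through to the single `return got;`. The failure value depends entirely on `got = -1;` being set before every `goto err;`. Renaming the label to `cleanup:` would make the shared exit obvious and avoid misreading the return semantics. Separately, `while (*line && got < nids)` stops silently once `got` reaches `nids` even if `*line` is still non-empty, so a caller cannot tell a full result from a truncated one. Consider logging or documenting that case.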
> Before, this always returned -1 on failure.  But now, if you parse one
> line before failing to parse the second, it returns 1.  I think the err:
> label should continue to return -1 on failure.


But right before the goto err; there is a "got = -1;" Am I missing 
something?


> ACK with that change.
>



