[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] phyp: Fixing possible buffer overflow



 On 08/05/2010 04:34 PM, Eric Blake wrote:
On 07/15/2010 08:01 PM, Laine Stump wrote:
Here's a stab at doing it this way. I haven't even compiled it, but
you can give it a try and see if it solves your problem.
I _have_ compiled it, and double-checked it for any obvious logic flaws.
  There's a subtle change in semantics:

+    /* I need to parse the textual return in order to get the ids */
+    line = ret;
+    got = 0;
+    while (*line&&  got<  nids) {
+        if (virStrToLong_i(line,&next_line, 10,&ids[got]) == -1) {
+            VIR_ERROR(_("Cannot parse number from '%s'"), line);
+            got = -1;
+            goto err;
          }
+        got++;
+        line = next_line;
+        while (*line == '\n')
+            line++; /* skip \n */
      }

-    VIR_FREE(cmd);
-    VIR_FREE(ret);
-    return got;
-
    err:
      VIR_FREE(cmd);
      VIR_FREE(ret);
-    return -1;
+    return got;
  }
Before, this always returned -1 on failure.  But now, if you parse one
line before failing to parse the second, it returns 1.  I think the err:
label should continue to return -1 on failure.


But right before the goto err; there is a "got = -1;" Am I missing something?


ACK with that change.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]