[libvirt] [PATCH] phyp: Fixing possible buffer overflow
Laine Stump
laine at laine.org
Fri Aug 6 01:49:25 UTC 2010
On 08/05/2010 04:34 PM, Eric Blake wrote:
> On 07/15/2010 08:01 PM, Laine Stump wrote:
>> Here's a stab at doing it this way. I haven't even compiled it, but
>> you can give it a try and see if it solves your problem.
> I _have_ compiled it, and double-checked it for any obvious logic flaws.
> There's a subtle change in semantics:
>
>> + /* I need to parse the textual return in order to get the ids */
>> + line = ret;
>> + got = 0;
>> + while (*line&& got< nids) {
>> + if (virStrToLong_i(line,&next_line, 10,&ids[got]) == -1) {
>> + VIR_ERROR(_("Cannot parse number from '%s'"), line);
>> + got = -1;
>> + goto err;
>> }
>> + got++;
>> + line = next_line;
>> + while (*line == '\n')
>> + line++; /* skip \n */
>> }
>>
>> - VIR_FREE(cmd);
>> - VIR_FREE(ret);
>> - return got;
>> -
>> err:
>> VIR_FREE(cmd);
>> VIR_FREE(ret);
>> - return -1;
>> + return got;
>> }
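Review bot: the `err:` label at the end of the hunk is now reached on the success path as well, because the separate `VIR_FREE(cmd); VIR_FREE(ret); return got;` block above it is removed and the loop falls through into the label. The failure value therefore depends on `got = -1;` being set before every `goto err;`, which is easy to overlook when reading `return got;` on its own. Renaming the label to something like `cleanup:` would make the shared exit obvious. Separately, the loop condition `got < nids` stops silently when the output holds more ids than the caller's array; a short comment saying that truncation is intended would help the next reader.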
> Before, this always returned -1 on failure. But now, if you parse one
> line before failing to parse the second, it returns 1. I think the err:
> label should continue to return -1 on failure.
But right before the goto err; there is a "got = -1;" Am I missing
something?
> ACK with that change.
>