[libvirt] [PATCH] Fix NULL dereference in remoteDomainMigratePrepare2

Jiri Denemark jdenemar at redhat.com
Wed May 12 15:22:03 UTC 2010


> > diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> > index 990bfce..c62e3d6 100644
> > --- a/src/remote/remote_driver.c
> > +++ b/src/remote/remote_driver.c
> > @@ -2849,8 +2849,12 @@ remoteDomainMigratePrepare2 (virConnectPtr dconn,
> >          goto done;
> >  
> >      if (ret.cookie.cookie_len > 0) {
> > -        *cookie = ret.cookie.cookie_val; /* Caller frees. */
> > -        *cookielen = ret.cookie.cookie_len;
> > +        if (cookie && cookielen) {
> > +            *cookie = ret.cookie.cookie_val; /* Caller frees. */
> > +            *cookielen = ret.cookie.cookie_len;
> > +        } else {
> > +            VIR_FREE(ret.cookie.cookie_val);
> > +        }
> >      }
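Review bot: In the new else branch, a cookie that the remote side returned is freed with VIR_FREE(ret.cookie.cookie_val) and the function carries on, so a caller that passed cookie == NULL or cookielen == NULL cannot tell that the cookie was dropped. The `cookie && cookielen` test also takes that branch when only one of the two pointers is NULL, which leaves the non-NULL one unassigned. Consider reporting an error and failing the call in this branch (still freeing cookie_val first), or at least documenting above the check that NULL means "discard the cookie", and handle the mixed case explicitly so that a non-NULL cookie or cookielen is never left unset.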
> 
> What code would call this with cookie == NULL ?  Any such caller
> is a bug I believe.

Yeah, most likely but we shouldn't crash in that case anyway. Although perhaps
the call should rather fail instead of just silently dropping the cookie if
the caller is not interested in seeing it, what do you think?

Jirka



