[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] Fix NULL dereference in remoteDomainMigratePrepare2



> > diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> > index 990bfce..c62e3d6 100644
> > --- a/src/remote/remote_driver.c
> > +++ b/src/remote/remote_driver.c
> > @@ -2849,8 +2849,12 @@ remoteDomainMigratePrepare2 (virConnectPtr dconn,
> >          goto done;
> >  
> >      if (ret.cookie.cookie_len > 0) {
> > -        *cookie = ret.cookie.cookie_val; /* Caller frees. */
> > -        *cookielen = ret.cookie.cookie_len;
> > +        if (cookie && cookielen) {
> > +            *cookie = ret.cookie.cookie_val; /* Caller frees. */
> > +            *cookielen = ret.cookie.cookie_len;
> > +        } else {
> > +            VIR_FREE(ret.cookie.cookie_val);
> > +        }
> >      }
> 
> What code would call this with cookie == NULL ?  Any such caller
> is a bug I believe.

Yeah, most likely but we shouldn't crash in that case anyway. Although perhaps
the call should rather fail instead of just silently dropping the cookie if
the caller is not interested in seeing it, what do you think?

Jirka


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]