[libvirt] [PATCH] storage: avoid null deref on qemu-img failure
Peter Krempa
pkrempa at redhat.com
Fri Oct 21 22:17:48 UTC 2011
Dňa 21.10.2011 23:39, Eric Blake wrote / napísal(a):
> Detected by Coverity. Only possible if qemu-img gives bogus output,
> but we might as well be robust.
>
> * src/storage/storage_backend.c
> (virStorageBackendQEMUImgBackingFormat): Check for strstr failure.
> ---
> src/storage/storage_backend.c | 5 +++--
> 1 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
> index 64c35c2..7c8bfdc 100644
> --- a/src/storage/storage_backend.c
> +++ b/src/storage/storage_backend.c
> @@ -631,8 +631,9 @@ static int virStorageBackendQEMUImgBackingFormat(const char *qemuimg)
> if (virCommandRun(cmd,&exitstatus)< 0)
> goto cleanup;
>
> - start = strstr(help, " create ");
> - end = strstr(start, "\n");
> + if ((start = strstr(help, " create ")) == NULL ||
> + (end = strstr(start, "\n")) == NULL)
> + goto cleanup;
At least one call graph to this function does not contain adding a error
message of any kind. I think it would be fair to inform the user if his
qemu-img is somehow broken (although unlikely to happen), if we check
for this now.
> if (((tmp = strstr(start, "-F fmt"))&& tmp< end) ||
> ((tmp = strstr(start, "-F backing_fmt"))&& tmp< end))
> ret = QEMU_IMG_BACKING_FORMAT_FLAG;
ACK,
Peter.
More information about the libvir-list
mailing list