[libvirt] [PATCH] Fix Invalid write in virCryptoHashString()

Nehal J Wani nehaljw.kkd1 at gmail.com
Wed Mar 12 21:44:11 UTC 2014


While running vircryptotest, it was found that valgrind pointed out the
following error:

==27453== Invalid write of size 1
==27453==    at 0x4C7D7C9: virCryptoHashString (vircrypto.c:76)
==27453==    by 0x401C4E: testCryptoHash (vircryptotest.c:41)
==27453==    by 0x402A11: virtTestRun (testutils.c:199)
==27453==    by 0x401AD5: mymain (vircryptotest.c:76)
==27453==    by 0x40318D: virtTestMain (testutils.c:782)
==27453==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
==27453==  Address 0x51f0541 is 0 bytes after a block of size 65 alloc'd
==27453==    at 0x4A0577B: calloc (vg_replace_malloc.c:593)
==27453==    by 0x4C69F2E: virAllocN (viralloc.c:189)
==27453==    by 0x4C7D76B: virCryptoHashString (vircrypto.c:69)
==27453==    by 0x401C4E: testCryptoHash (vircryptotest.c:41)
==27453==    by 0x402A11: virtTestRun (testutils.c:199)
==27453==    by 0x401AD5: mymain (vircryptotest.c:76)
==27453==    by 0x40318D: virtTestMain (testutils.c:782)
==27453==    by 0x3E6CE1ED1C: (below main) (libc-start.c:226)
==27453==

...and many more

---
The errors go away if I do either:
Line 76: (*output)[hashstrlen - 1] = '\0';
or
Line 61: if (VIR_ALLOC_N(*output, hashstrlen + 1) < 0)
But the second one seems less harmful, as anyway we are going to free
that memory.

 src/util/vircrypto.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index 3af3aa3..aa2b0c8 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -66,7 +66,7 @@ virCryptoHashString(virCryptoHash hash,
         return -1;
     }
 
-    if (VIR_ALLOC_N(*output, hashstrlen) < 0)
+    if (VIR_ALLOC_N(*output, hashstrlen + 1) < 0)
         return -1;
 
     for (i = 0; i < hashinfo[hash].hashlen; i++) {
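Review bot: At the changed VIR_ALLOC_N call, growing the buffer by one byte hides the off-by-one instead of fixing it. The valgrind trace shows a 65-byte block with the invalid write at vircrypto.c:76 landing 0 bytes past its end, so the store on line 76 is indexing `hashstrlen` itself. The alternative mentioned above the diffstat, `(*output)[hashstrlen - 1] = '\0';`, corrects the index that is actually wrong. The computation of hashstrlen is outside this hunk, but an odd size of 65 suggests it already counts the terminator. If so, this change leaves the buffer one byte larger than the string needs and makes the variable name misleading for later readers. The trace also shows the allocation going through calloc in virAllocN, so the buffer is already zero-filled and a third option is to drop the explicit terminator write. Whichever fix is chosen, please state the root cause (the index, not the size) in the commit message.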
-- 
1.7.1



