From 306c49ffd56a1c72b1892d50f2a75531c62f4a1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A1n=20Tomko?= Date: Wed, 26 Jun 2013 13:07:24 +0200 Subject: [PATCH] Fix invalid read in virCgroupGetValueStr Don't check for '\n' at the end of file if zero bytes were read. Found by valgrind: ==404== Invalid read of size 1 ==404== at 0x529B09F: virCgroupGetValueStr (vircgroup.c:540) ==404== by 0x529AF64: virCgroupMoveTask (vircgroup.c:1079) ==404== by 0x1EB475: qemuSetupCgroupForEmulator (qemu_cgroup.c:1061) ==404== by 0x1D9489: qemuProcessStart (qemu_process.c:3801) ==404== by 0x18557E: qemuDomainObjStart (qemu_driver.c:5787) ==404== by 0x190FA4: qemuDomainCreateWithFlags (qemu_driver.c:5839) Introduced by 0d0b409. https://bugzilla.redhat.com/show_bug.cgi?id=978356 --- src/util/vircgroup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index 0484c71316..a0ee3f74af 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c @@ -537,7 +537,7 @@ static int virCgroupGetValueStr(virCgroupPtr group, VIR_DEBUG("Failed to read %s: %m\n", keypath); } else { /* Terminated with '\n' has sometimes harmful effects to the caller */ - if ((*value)[rc - 1] == '\n') + if (rc > 0 && (*value)[rc - 1] == '\n') (*value)[rc - 1] = '\0'; rc = 0;