Fix error checking of qemuParseKeywords return status

Most callers of qemuParseKeywords were assigning its return
value to a 'size_t' variable. Then then also checked '< 0'
for error condition, but this will never be true with the
unsigned size_t variable. Rather than using 'ssize_t', change
qemuParseKeywords so that the element count is returned via
an output parameter, leaving the return value solely as an
error indicator.

This avoids a crash accessing beyond the end of an error
upon OOM.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2013-09-23 14:16:09 +01:00
parent 150c1db52b
commit 5923ea67b1
3 changed files with 22 additions and 16 deletions

View File

@ -9776,6 +9776,7 @@ int
qemuParseKeywords(const char *str,
char ***retkeywords,
char ***retvalues,
int *retnkeywords,
int allowEmptyValue)
{
int keywordCount = 0;
@ -9788,6 +9789,7 @@ qemuParseKeywords(const char *str,
*retkeywords = NULL;
*retvalues = NULL;
*retnkeywords = 0;
end = start + strlen(str);
while (start) {
@ -9857,8 +9859,8 @@ qemuParseKeywords(const char *str,
*retkeywords = keywords;
*retvalues = values;
return keywordCount;
*retnkeywords = keywordCount;
return 0;
error:
for (i = 0; i < keywordCount; i++) {
@ -9893,9 +9895,11 @@ qemuParseCommandLineDisk(virDomainXMLOptionPtr xmlopt,
int unitid = -1;
int trans = VIR_DOMAIN_DISK_TRANS_DEFAULT;
if ((nkeywords = qemuParseKeywords(val,
&keywords,
&values, 0)) < 0)
if (qemuParseKeywords(val,
&keywords,
&values,
&nkeywords,
0) < 0)
return NULL;
if (VIR_ALLOC(def) < 0)
@ -10244,9 +10248,11 @@ qemuParseCommandLineNet(virDomainXMLOptionPtr xmlopt,
tmp = strchr(val, ',');
if (tmp) {
if ((nkeywords = qemuParseKeywords(tmp+1,
&keywords,
&values, 0)) < 0)
if (qemuParseKeywords(tmp+1,
&keywords,
&values,
&nkeywords,
0) < 0)
return NULL;
} else {
nkeywords = 0;
@ -10314,9 +10320,11 @@ qemuParseCommandLineNet(virDomainXMLOptionPtr xmlopt,
VIR_FREE(values);
if (STRPREFIX(nic, "nic,")) {
if ((nkeywords = qemuParseKeywords(nic + strlen("nic,"),
&keywords,
&values, 0)) < 0) {
if (qemuParseKeywords(nic + strlen("nic,"),
&keywords,
&values,
&nkeywords,
0) < 0) {
virDomainNetDefFree(def);
def = NULL;
goto cleanup;
@ -10820,8 +10828,7 @@ qemuParseCommandLineSmp(virDomainDefPtr dom,
char *end;
int ret;
nkws = qemuParseKeywords(val, &kws, &vals, 1);
if (nkws < 0)
if (qemuParseKeywords(val, &kws, &vals, &nkws, 1) < 0)
return -1;
for (i = 0; i < nkws; i++) {

View File

@ -296,6 +296,7 @@ int
qemuParseKeywords(const char *str,
char ***retkeywords,
char ***retvalues,
int *retnkeywords,
int allowEmptyValue);
#endif /* __QEMU_COMMAND_H__*/

View File

@ -533,9 +533,7 @@ qemuMonitorJSONKeywordStringToJSON(const char *str, const char *firstkeyword)
if (!(ret = virJSONValueNewObject()))
goto error;
nkeywords = qemuParseKeywords(str, &keywords, &values, 1);
if (nkeywords < 0)
if (qemuParseKeywords(str, &keywords, &values, &nkeywords, 1) < 0)
goto error;
for (i = 0; i < nkeywords; i++) {