qemu: avoid text monitor null deref

Detected by Coverity.  If, for some reason, our text monitor input
does not match our assumptions, we end up incrementing p while it
is NULL, then dereferencing the pointer 0x1, which will fault.

* src/qemu/qemu_monitor_text.c
(qemuMonitorTextGetBlockStatsParamsNumber): Rewrite to avoid
deref of strchr failure.  Fix indentation.
Eric Blake 2011-10-12 18:19:28 -06:00
parent ce521f242a
commit 60be9e8c0e


@ -1036,26 +1036,23 @@ int qemuMonitorTextGetBlockStatsParamsNumber(qemuMonitorPtr mon,
* "floppy0: ") * "floppy0: ")
*/ */
p = strchr(p, ' '); p = strchr(p, ' ');
p++;
while (*p) { while (p && p < eol) {
if (STRPREFIX (p, "rd_bytes=") || if (STRPREFIX (p, " rd_bytes=") ||
STRPREFIX (p, "wr_bytes=") || STRPREFIX (p, " wr_bytes=") ||
STRPREFIX (p, "rd_operations=") || STRPREFIX (p, " rd_operations=") ||
STRPREFIX (p, "wr_operations=") || STRPREFIX (p, " wr_operations=") ||
STRPREFIX (p, "rd_total_times_ns=") || STRPREFIX (p, " rd_total_times_ns=") ||
STRPREFIX (p, "wr_total_times_ns=") || STRPREFIX (p, " wr_total_times_ns=") ||
STRPREFIX (p, "flush_operations=") || STRPREFIX (p, " flush_operations=") ||
STRPREFIX (p, "flush_total_times_ns=")) { STRPREFIX (p, " flush_total_times_ns=")) {
num++; num++;
} else { } else {
VIR_DEBUG ("unknown block stat near %s", p); VIR_DEBUG ("unknown block stat near %s", p);
} }
/* Skip to next label. */ /* Skip to next label. */
p = strchr (p, ' '); p = strchr(p + 1, ' ');
if (!p || p >= eol) break;
p++;
} }
*nparams = num; *nparams = num;