qemu: avoid null deref on block pull error

Coverity detected that 5 of 6 callers of virJSONValueArrayGet checked for a NULL return; and that by not checking we risk a null deref during an error. The error is unlikely since the prior call to virJSONValueArraySize would probably have already caught any botched JSON array parse, but better safe than sorry. * src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockJobInfo): Check for NULL. (qemuMonitorJSONExtractPtyPaths): Fix typo.
2024-09-08 16:54:49 +00:00 · 2011-08-02 13:17:04 -06:00 · 2011-08-02 13:17:04 -06:00 · 9160573d32
commit 9160573d32
parent 94b5dae479
1 changed files with 7 additions and 2 deletions
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@ -1018,7 +1018,7 @@ qemuMonitorJSONExtractCPUInfo(virJSONValuePtr reply,
        int thread;
        if (!entry) {
            qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                            _("character device information was missing aray element"));
+                            _("character device information was missing array element"));
            goto cleanup;
        }

@ -2266,7 +2266,7 @@ static int qemuMonitorJSONExtractPtyPaths(virJSONValuePtr reply,
        const char *id;
        if (!entry) {
            qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                            _("character device information was missing aray element"));
+                            _("character device information was missing array element"));
            goto cleanup;
        }

@ -2855,6 +2855,11 @@ static int qemuMonitorJSONGetBlockJobInfo(virJSONValuePtr reply,

    for (i = 0; i < nr_results; i++) {
        virJSONValuePtr entry = virJSONValueArrayGet(data, i);
+        if (!entry) {
+            qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                            _("missing array element"));
+            return -1;
+        }
        if (qemuMonitorJSONGetBlockJobInfoOne(entry, device, info) == 0)
            return 1;
    }