External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-10-02 04:15:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

cmdDomBlkError: Fix crash when initial call to virDomainGetDiskErrors fails

Browse Source 
virDomainGetDiskErrors uses the weird semantics where we make the
caller query for the number of elements and then pass pre-allocated
structure.

The cleanup section errorneously used the 'count' variable to free the
allocated elements for the API but 'count' can be '-1' in cases when the
API returns failure, thus attempting to free beyond the end of the
array.

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/155
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
This commit is contained in:
Peter Krempa 2021-04-19 08:11:55 +02:00
parent ac87f612ba
commit c2558e78d4
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
tools/virsh-domain-monitor.c
View File

@ -1220,7 +1220,7 @@ cmdDomBlkError(vshControl *ctl, const vshCmd *cmd)
{
virDomainPtr dom;
virDomainDiskErrorPtr disks = NULL;
unsigned int ndisks;
unsigned int ndisks = 0;
size_t i;
int count;
bool ret = false;
@ -1230,10 +1230,10 @@ cmdDomBlkError(vshControl *ctl, const vshCmd *cmd)
if ((count = virDomainGetDiskErrors(dom, NULL, 0, 0)) < 0)
goto cleanup;
ndisks = count;
if (ndisks) {
disks = g_new0(virDomainDiskError, ndisks);
if (count > 0) {
disks = g_new0(virDomainDiskError, count);
ndisks = count;
if ((count = virDomainGetDiskErrors(dom, disks, ndisks, 0)) == -1)
goto cleanup;
@ -1252,7 +1252,7 @@ cmdDomBlkError(vshControl *ctl, const vshCmd *cmd)
ret = true;
cleanup:
for (i = 0; i < count; i++)
for (i = 0; i < ndisks; i++)
VIR_FREE(disks[i].disk);
VIR_FREE(disks);
virshDomainFree(dom);