External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-23 14:15:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

test_driver: sanitize user-provided array in testDomainGetDiskErrors

Browse Source 
Zero out the user provided memory in order to avoid potentially freeing
uninitialized memory.

Signed-off-by: Ilias Stamatis <stamatis.iliass@gmail.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
This commit is contained in:
Ilias Stamatis 2019-07-04 13:31:34 +02:00 committed by Erik Skultety
parent cfec206e84
commit c67cf079f7
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/test/test_driver.c
View File

@ -3275,6 +3275,7 @@ static int testDomainGetDiskErrors(virDomainPtr dom,
virDomainObjPtr vm = NULL;
int ret = -1;
size_t i;
size_t nerrors;
virCheckFlags(0, -1);
@ -3284,8 +3285,13 @@ static int testDomainGetDiskErrors(virDomainPtr dom,
if (virDomainObjCheckActive(vm) < 0)
goto cleanup;
nerrors = MIN(vm->def->ndisks, maxerrors);
if (errors) {
for (i = 0; i < MIN(vm->def->ndisks, maxerrors); i++) {
/* sanitize input */
memset(errors, 0, sizeof(virDomainDiskError) * nerrors);
for (i = 0; i < nerrors; i++) {
if (VIR_STRDUP(errors[i].disk, vm->def->disks[i]->dst) < 0)
goto cleanup;
errors[i].error = (i % (VIR_DOMAIN_DISK_ERROR_LAST - 1)) + 1;
@ -3297,7 +3303,7 @@ static int testDomainGetDiskErrors(virDomainPtr dom,
cleanup:
if (ret < 0) {
for (i = 0; i < MIN(vm->def->ndisks, maxerrors); i++)
for (i = 0; i < nerrors; i++)
VIR_FREE(errors[i].disk);
}
virDomainObjEndAPI(&vm);