openkylin
/
libvirt
mirror of https://gitee.com/openkylin/libvirt.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix allocation of arglist in qemuStringToArgvEnv 

In

  commit 41b5505679
  Author: Eric Blake <eblake@redhat.com>
  Date:   Wed Aug 28 15:01:23 2013 -0600

    qemu: simplify list cleanup

The qemuStringToArgvEnv method was changed to use virStringFreeList
to free the 'arglist' array. This method assumes the string list
array is NULL terminated, however, qemuStringToArgvEnv was not
ensuring this when populating 'arglist'. This caused an out of
bounds access by virStringFreeList when OOM occured in the initial
loop of qemuStringToArgvEnv

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2013-09-23 14:14:04 +01:00
parent 0bea528a33
commit 150c1db52b
1 changed files with 7 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/qemu/qemu_command.c
View File

@ -9656,9 +9656,9 @@ static int qemuStringToArgvEnv(const char *args,
char ***retargv)
{
char **arglist = NULL;
int argcount = 0;
int argalloc = 0;
int envend;
size_t argcount = 0;
size_t argalloc = 0;
size_t envend;
size_t i;
const char *curr = args;
const char *start;
@ -9695,15 +9695,13 @@ static int qemuStringToArgvEnv(const char *args,
if (next && (*next == '\'' || *next == '"'))
next++;
if (argalloc == argcount) {
if (VIR_REALLOC_N(arglist, argalloc+10) < 0) {
VIR_FREE(arg);
goto error;
}
argalloc+=10;
if (VIR_RESIZE_N(arglist, argalloc, argcount, 2) < 0) {
VIR_FREE(arg);
goto error;
}
arglist[argcount++] = arg;
arglist[argcount] = NULL;
while (next && c_isspace(*next))
next++;