From 370ac3d25c8fd8b07197f953a19a51dc5d09fbd1 Mon Sep 17 00:00:00 2001
From: Tim Wiederhake
Date: Fri, 9 Jul 2021 15:09:10 +0200
Subject: [PATCH] virThreadPoolNewFull: Prevent expanding worker pool by zero
On libvirtd startup, the list of priority worker threads is uninitialized (`pool->prioWorkers` is NULL), and then "expanded" to zero (`prioWorkers`) entries. This causes `virThreadPoolExpand` to call `VIR_EXPAND_N` on a null pointer and an increment of zero. The zero increment triggers `virReallocN` to not actually allocate any memory and leave the pointer NULL, which, eventually, causes `memset(NULL, 0, 0)` to be called in `virExpandN`. `memset` is declared `__attribute__ ((__nonnull__ 1))`, which triggers the following warning when libvirt is compiled with address sanitizing enabled:
$ meson -Dbuildtype=debug -Db_lundef=false -Db_sanitize=address,undefined build && ninja -C build
$ ./build/run build/src/libvirtd
src/util/viralloc.c:82:5: runtime error: null pointer passed as argument 1, which is declared to never be null
Signed-off-by: Tim Wiederhake
Reviewed-by: Michal Privoznik
---
 src/util/virthreadpool.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/virthreadpool.c b/src/util/virthreadpool.c
index 9ddd86a679..92b7cac286 100644
--- a/src/util/virthreadpool.c
+++ b/src/util/virthreadpool.c
@@ -247,10 +247,10 @@ virThreadPoolNewFull(size_t minWorkers,
 pool->maxWorkers = maxWorkers;
 pool->maxPrioWorkers = prioWorkers;
- if (virThreadPoolExpand(pool, minWorkers, false) < 0)
+ if ((minWorkers > 0) && virThreadPoolExpand(pool, minWorkers, false) < 0)
 goto error;
- if (virThreadPoolExpand(pool, prioWorkers, true) < 0)
+ if ((prioWorkers > 0) && virThreadPoolExpand(pool, prioWorkers, true) < 0)
 goto error;
 return pool;
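Review bot: The guard is placed in the caller, so any other call of virThreadPoolExpand with a zero increment (a later resize of a still-NULL worker list, if such a path exists) still reaches the `VIR_EXPAND_N` on a NULL pointer and the `memset(NULL, 0, 0)` in virExpandN that the message describes; an early `return 0;` for a zero increment at the top of virThreadPoolExpand, or a zero-count check before the memset in virExpandN, would fix the root cause once instead of per call site. The two new conditions also give no hint of why zero must be skipped, so a comment such as `/* Expanding by zero would pass a NULL list to VIR_EXPAND_N; see virExpandN */` above the first `if` would keep a later reader from removing the check as redundant. The parentheses around `minWorkers > 0` and `prioWorkers > 0` are unnecessary in that position and can be dropped to match the surrounding style. virThreadPoolNewFull begins before and continues past this hunk.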