From 9160573d327465e5f7ecbb6b2e37fd0eba3fb43b Mon Sep 17 00:00:00 2001
From: Eric Blake
Date: Tue, 2 Aug 2011 13:17:04 -0600
Subject: [PATCH] qemu: avoid null deref on block pull error
Coverity detected that 5 of 6 callers of virJSONValueArrayGet checked for a NULL return; and that by not checking we risk a null deref during an error. The error is unlikely since the prior call to virJSONValueArraySize would probably have already caught any botched JSON array parse, but better safe than sorry.
* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockJobInfo): Check for NULL. (qemuMonitorJSONExtractPtyPaths): Fix typo.
---
 src/qemu/qemu_monitor_json.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index b7a6a129ea..2a9a0782ec 100644
--- src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -1018,7 +1018,7 @@ qemuMonitorJSONExtractCPUInfo(virJSONValuePtr reply,
 int thread;
 if (!entry) {
 qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("character device information was missing aray element"));
+ _("character device information was missing array element"));
 goto cleanup;
 }
@@ -2266,7 +2266,7 @@ static int qemuMonitorJSONExtractPtyPaths(virJSONValuePtr reply,
 const char *id;
 if (!entry) {
 qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("character device information was missing aray element"));
+ _("character device information was missing array element"));
 goto cleanup;
 }
@@ -2855,6 +2855,11 @@ static int qemuMonitorJSONGetBlockJobInfo(virJSONValuePtr reply,
 for (i = 0; i < nr_results; i++) {
 virJSONValuePtr entry = virJSONValueArrayGet(data, i);
+ if (!entry) {
+ qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("missing array element"));
+ return -1;
+ }
 if (qemuMonitorJSONGetBlockJobInfoOne(entry, device, info) == 0)
 return 1;
 }
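Review bot: The new guard in qemuMonitorJSONGetBlockJobInfo reports only `_("missing array element")`, which does not say which monitor reply was malformed; the sibling checks name their reply, so something like `_("block job information was missing array element")` would make a bad QEMU reply easier to trace in the logs. The guard treats a missing element as a hard error, while on the following context line any non-zero result from qemuMonitorJSONGetBlockJobInfoOne simply continues the loop; if that helper can return -1 for a malformed entry (its body is not visible here), that failure is presumably folded into "not found" and may deserve the same `return -1`. Separately, the first hunk keeps the wording "character device information" inside what the hunk header shows as qemuMonitorJSONExtractCPUInfo, which looks copied from qemuMonitorJSONExtractPtyPaths. The function body starts and ends outside the hunk.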