Pino Toscano
2017-Nov-03 16:19 UTC
[Libguestfs] [PATCH] diff: avoid potential null pointer dereference on error
If visit_guest() fails, then it returns a null pointer; later on, free_tree() is called unconditionally on the variables, thus dereferencing null pointers. Thus guard the free_tree() invocations. --- diff/diff.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/diff/diff.c b/diff/diff.c index 5851a1c9c..1f1ab6933 100644 --- a/diff/diff.c +++ b/diff/diff.c @@ -389,8 +389,10 @@ main (int argc, char *argv[]) errors++; } - free_tree (tree1); - free_tree (tree2); + if (tree1) + free_tree (tree1); + if (tree2) + free_tree (tree2); free_drives (drvs); free_drives (drvs2); -- 2.13.6
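Review bot: the `if (tree1)` / `if (tree2)` checks in the main() hunk at `@@ -389,8 +389,10 @@` guard only this one call site, so free_tree() itself still dereferences a null argument if any other or later caller passes one. Consider an early return on NULL at the top of free_tree() in diff/diff.c, leaving the two calls unconditional. That also keeps this cleanup block uniform with the unguarded free_drives() calls that follow it.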
Eric Blake
2017-Nov-03 17:48 UTC
[Libguestfs] [PATCH] diff: avoid potential null pointer dereference on error
On 11/03/2017 11:19 AM, Pino Toscano wrote:
> If visit_guest() fails, then it returns a null pointer; later on,
> free_tree() is called unconditionally on the variables, thus
> dereferencing null pointers.
>
> Thus guard the free_tree() invocations.

Would it be any better to teach free_tree() to be more free()-like by
being a no-op on NULL?

--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
Richard W.M. Jones
2017-Nov-03 21:24 UTC
Re: [Libguestfs] [PATCH] diff: avoid potential null pointer dereference on error
On Fri, Nov 03, 2017 at 12:48:37PM -0500, Eric Blake wrote:
> On 11/03/2017 11:19 AM, Pino Toscano wrote:
> > If visit_guest() fails, then it returns a null pointer; later on,
> > free_tree() is called unconditionally on the variables, thus
> > dereferencing null pointers.
> >
> > Thus guard the free_tree() invocations.
>
> Would it be any better to teach free_tree() to be more free()-like by
> being a no-op on NULL?

Yes, I agree with Eric on this.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
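The free()-like destructor suggested in the replies above, as an added example that is not part of the thread and not libguestfs code. `struct tree`, `tree_build()`, `tree_free()`, `compare_guests()` and the `live_trees` counter are hypothetical stand-ins; the point is that one NULL check inside the destructor covers both the failed-build case and every call site.

```c
#include <stdlib.h>

/* Hypothetical stand-in for the tool's per-guest tree; not libguestfs code. */
struct tree { char **entries; size_t nr_entries; };

static int live_trees;  /* trees allocated and not yet freed */

/* free()-like destructor: NULL is a no-op, so callers need no guard. */
static void tree_free (struct tree *t)
{
  size_t i;
  if (t == NULL)
    return;
  for (i = 0; i < t->nr_entries; i++)
    free (t->entries[i]);
  free (t->entries);
  free (t);
  live_trees--;
}

/* Returns NULL on failure, as the thread says visit_guest() does. */
static struct tree *tree_build (size_t n, int simulate_failure)
{
  struct tree *t;
  if (simulate_failure || (t = calloc (1, sizeof *t)) == NULL)
    return NULL;
  live_trees++;
  t->entries = calloc (n ? n : 1, sizeof (char *));
  for (; t->entries && t->nr_entries < n; t->nr_entries++)
    if ((t->entries[t->nr_entries] = malloc (16)) == NULL)
      break;
  if (t->entries == NULL || t->nr_entries < n) {
    tree_free (t);  /* partially built tree: frees only what exists */
    t = NULL;
  }
  return t;
}

/* Cleanup runs unconditionally on both results; returns the error count. */
static int compare_guests (int fail_first, int fail_second)
{
  struct tree *tree1 = tree_build (3, fail_first);
  struct tree *tree2 = tree_build (3, fail_second);
  int errors = (tree1 == NULL) + (tree2 == NULL);
  tree_free (tree1);
  tree_free (tree2);
  return errors;
}

int main (void) { return compare_guests (0, 1) == 1 && live_trees == 0 ? 0 : 1; }
```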