From nobody Tue May  7 19:09:59 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.37
 as permitted sender) client-ip=209.132.183.37;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx5-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.37 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx5-phx2.redhat.com (mx5-phx2.redhat.com [209.132.183.37]) by
 mx.zohomail.com
	with SMTPS id 1488889155285947.0906358038524;
 Tue, 7 Mar 2017 04:19:15 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx5-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v27CFk9Z054989;
	Tue, 7 Mar 2017 07:15:47 -0500
Received: from smtp.corp.redhat.com (int-mx16.intmail.prod.int.phx2.redhat.com
	[10.5.11.28])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v27CFk9q003945 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 7 Mar 2017 07:15:46 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id 14E7B2D655; Tue,  7 Mar 2017 12:15:46 +0000 (UTC)
Received: from localhost.localdomain.com (ovpn-117-9.phx2.redhat.com
	[10.3.117.9])
	by smtp.corp.redhat.com (Postfix) with ESMTP id C65DD2D654
	for <libvir-list@redhat.com>; Tue,  7 Mar 2017 12:15:45 +0000 (UTC)
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Tue,  7 Mar 2017 07:15:41 -0500
Message-Id: <20170307121542.25287-2-jferlan@redhat.com>
In-Reply-To: <20170307121542.25287-1-jferlan@redhat.com>
References: <20170307121542.25287-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.74 on 10.5.11.28
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH 1/2] util: Resource some resource leaks in
	virsysinfo code
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Calls to virFileReadAll after a VIR_ALLOC that return NULL all show
a memory leak since 'ret' isn't virSysinfoDefFree'd and normal path
"return ret" doesn't free outbuf.

Reported by Coverity

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/util/virsysinfo.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/util/virsysinfo.c b/src/util/virsysinfo.c
index 7b54bda..14c17a8 100644
--- a/src/util/virsysinfo.c
+++ b/src/util/virsysinfo.c
@@ -270,7 +270,7 @@ virSysinfoReadPPC(void)
     if (virFileReadAll(CPUINFO, CPUINFO_FILE_LEN, &outbuf) < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("Failed to open %s"), CPUINFO);
-        return NULL;
+        goto no_memory;
     }
=20
     ret->nprocessor =3D 0;
@@ -281,10 +281,12 @@ virSysinfoReadPPC(void)
     if (virSysinfoParsePPCSystem(outbuf, &ret->system) < 0)
         goto no_memory;
=20
+    VIR_FREE(outbuf);
     return ret;
=20
  no_memory:
     VIR_FREE(outbuf);
+    virSysinfoDefFree(ret);
     return NULL;
 }
=20
@@ -402,7 +404,7 @@ virSysinfoReadARM(void)
     if (virFileReadAll(CPUINFO, CPUINFO_FILE_LEN, &outbuf) < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("Failed to open %s"), CPUINFO);
-        return NULL;
+        goto no_memory;
     }
=20
     ret->nprocessor =3D 0;
@@ -413,10 +415,12 @@ virSysinfoReadARM(void)
     if (virSysinfoParseARMSystem(outbuf, &ret->system) < 0)
         goto no_memory;
=20
+    VIR_FREE(outbuf);
     return ret;
=20
  no_memory:
     VIR_FREE(outbuf);
+    virSysinfoDefFree(ret);
     return NULL;
 }
=20
@@ -539,7 +543,7 @@ virSysinfoReadS390(void)
     if (virFileReadAll(CPUINFO, CPUINFO_FILE_LEN, &outbuf) < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("Failed to open %s"), CPUINFO);
-        return NULL;
+        goto no_memory;
     }
=20
     ret->nprocessor =3D 0;
@@ -554,12 +558,13 @@ virSysinfoReadS390(void)
     if (virFileReadAll(SYSINFO, 8192, &outbuf) < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("Failed to open %s"), SYSINFO);
-        return NULL;
+        goto no_memory;
     }
=20
     if (virSysinfoParseS390System(outbuf, &ret->system) < 0)
         goto no_memory;
=20
+    VIR_FREE(outbuf);
     return ret;
=20
  no_memory:
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Tue May  7 19:09:59 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.37
 as permitted sender) client-ip=209.132.183.37;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx5-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.37 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx5-phx2.redhat.com (mx5-phx2.redhat.com [209.132.183.37]) by
 mx.zohomail.com
	with SMTPS id 1488889163712296.07558355844174;
 Tue, 7 Mar 2017 04:19:23 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx5-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v27CGK6D055443;
	Tue, 7 Mar 2017 07:16:20 -0500
Received: from smtp.corp.redhat.com (int-mx16.intmail.prod.int.phx2.redhat.com
	[10.5.11.28])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v27CFkJS003955 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 7 Mar 2017 07:15:46 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id 7D33A2D655; Tue,  7 Mar 2017 12:15:46 +0000 (UTC)
Received: from localhost.localdomain.com (ovpn-117-9.phx2.redhat.com
	[10.3.117.9])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 3B4832D654
	for <libvir-list@redhat.com>; Tue,  7 Mar 2017 12:15:46 +0000 (UTC)
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Tue,  7 Mar 2017 07:15:42 -0500
Message-Id: <20170307121542.25287-3-jferlan@redhat.com>
In-Reply-To: <20170307121542.25287-1-jferlan@redhat.com>
References: <20170307121542.25287-1-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.74 on 10.5.11.28
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH 2/2] util: Avoid possible NULL dereference in
	virSysinfoParsePPCProcessor
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Found by Coverity. Because there's an "if ((cur =3D strstr(base, "revision"=
))
 !=3D NULL) {" followed by a "base =3D cur" coverity notes that 'base' could
then be NULL causing the return to the top of the "while ((tmp_base =3D
strstr(base, "processor")) !=3D NULL) {" to have strstr deref a NULL 'base'
pointer because the setting of base at the bottom of the loop is unconditio=
nal.

Alter the code to set "base =3D cur" after processing each key. That will
"ensure" that base doesn't get set to NULL if both "cpu" and "revision"
do no follow a "processor".

While a /proc/cpuinfo file that has a "processor" key but with neither
a "cpu" nor a "revision" doesn't seem feasible, the code is written as if
it could happen, so we have to account for it.

Signed-off-by: John Ferlan <jferlan@redhat.com>
---
 src/util/virsysinfo.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/util/virsysinfo.c b/src/util/virsysinfo.c
index 14c17a8..8d3377c 100644
--- a/src/util/virsysinfo.c
+++ b/src/util/virsysinfo.c
@@ -231,6 +231,7 @@ virSysinfoParsePPCProcessor(const char *base, virSysinf=
oDefPtr ret)
         if (eol && VIR_STRNDUP(processor->processor_socket_destination,
                                cur, eol - cur) < 0)
             return -1;
+        base =3D cur;
=20
         if ((cur =3D strstr(base, "cpu")) !=3D NULL) {
             cur =3D strchr(cur, ':') + 1;
@@ -239,6 +240,7 @@ virSysinfoParsePPCProcessor(const char *base, virSysinf=
oDefPtr ret)
             if (eol && VIR_STRNDUP(processor->processor_type,
                                    cur, eol - cur) < 0)
                 return -1;
+            base =3D cur;
         }
=20
         if ((cur =3D strstr(base, "revision")) !=3D NULL) {
@@ -248,9 +250,9 @@ virSysinfoParsePPCProcessor(const char *base, virSysinf=
oDefPtr ret)
             if (eol && VIR_STRNDUP(processor->processor_version,
                                    cur, eol - cur) < 0)
                 return -1;
+            base =3D cur;
         }
=20
-        base =3D cur;
     }
=20
     return 0;
--=20
2.9.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list