[libvirt PATCH] virThreadPoolExpand: Prevent expanding worker pool by zero

Tim Wiederhake posted 1 patch 2 years, 8 months ago
Test syntax-check failed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20210709134306.81124-1-twiederh@redhat.com
src/util/virthreadpool.c | 3 +++
1 file changed, 3 insertions(+)
[libvirt PATCH] virThreadPoolExpand: Prevent expanding worker pool by zero
Posted by Tim Wiederhake 2 years, 8 months ago
`virThreadPoolNewFull` may call `virThreadPoolExpand` with `prioWorkers` = 0.
This causes `virThreadPoolExpand` to call `VIR_EXPAND_N` on a null pointer
and an increment of zero. The zero increment triggers `virReallocN` to not
actually allocate any memory and leave the pointer NULL, which, eventually,
causes `memset(NULL, 0, 0)` to be called in `virExpandN`.

`memset` is declared `__attribute__ ((__nonnull__ 1))`, which triggers the
following warning when libvirt is compiled with address sanitizing enabled:

    src/util/viralloc.c:82:5: runtime error: null pointer passed as
    argument 1, which is declared to never be null

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
---
 src/util/virthreadpool.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/util/virthreadpool.c b/src/util/virthreadpool.c
index 9ddd86a679..c9d2a17ff4 100644
--- a/src/util/virthreadpool.c
+++ b/src/util/virthreadpool.c
@@ -179,6 +179,9 @@ virThreadPoolExpand(virThreadPool *pool, size_t gain, bool priority)
     size_t i = 0;
     struct virThreadPoolWorkerData *data = NULL;
 
+    if (gain == 0)
+        return 0;
+
     VIR_EXPAND_N(*workers, *curWorkers, gain);
 
     for (i = 0; i < gain; i++) {
-- 
2.31.1