virXPathStringLimit doesn't give callers a way to differentiate between
the queried XPath being empty and the length limit being exceeded.

This means that the callers is completely ignoring the error.

Move the length check into the caller.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/conf/domain_conf.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index e829511ac5..d6eefed398 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8066,9 +8066,10 @@ virSecurityDeviceLabelDefParseXML(virSecurityDeviceLabelDef ***seclabels_rtn,
             ignore_value(virStringParseYesNo(labelskip, &seclabels[i]->labelskip));

         ctxt->node = list[i];
-        label = virXPathStringLimit("string(./label)",
-                                    VIR_SECURITY_LABEL_BUFLEN-1, ctxt);
-        seclabels[i]->label = g_steal_pointer(&label);
+        label = virXPathString("string(./label)", ctxt);
+
+        if (label && strlen(label) < VIR_SECURITY_LABEL_BUFLEN)
+            seclabels[i]->label = g_steal_pointer(&label);

         if (seclabels[i]->label && !seclabels[i]->relabel) {
             virReportError(VIR_ERR_XML_ERROR,
-- 
2.31.1

On a Monday in 2021, Peter Krempa wrote:
>virXPathStringLimit doesn't give callers a way to differentiate between
>the queried XPath being empty and the length limit being exceeded.
>
>This means that the callers is completely ignoring the error.
>
>Move the length check into the caller.
>
>Signed-off-by: Peter Krempa <pkrempa@redhat.com>
>---
> src/conf/domain_conf.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano