Found by Coverity. Because there's an "if ((cur = strstr(base, "revision"))
!= NULL) {" followed by a "base = cur" coverity notes that 'base' could
then be NULL causing the return to the top of the "while ((tmp_base =
strstr(base, "processor")) != NULL) {" to have strstr deref a NULL 'base'
pointer because the setting of base at the bottom of the loop is unconditional.
Alter the code to set "base = cur" after processing each key. That will
"ensure" that base doesn't get set to NULL if both "cpu" and "revision"
do no follow a "processor".
While a /proc/cpuinfo file that has a "processor" key but with neither
a "cpu" nor a "revision" doesn't seem feasible, the code is written as if
it could happen, so we have to account for it.
Signed-off-by: John Ferlan <jferlan@redhat.com>
if (eol && VIR_STRNDUP(processor->processor_socket_destination,
cur, eol - cur) < 0)
return -1;
+ base = cur;
if ((cur = strstr(base, "cpu")) != NULL) {
cur = strchr(cur, ':') + 1;
if (eol && VIR_STRNDUP(processor->processor_type,
cur, eol - cur) < 0)
return -1;
+ base = cur;
}
if ((cur = strstr(base, "revision")) != NULL) {
if (eol && VIR_STRNDUP(processor->processor_version,
cur, eol - cur) < 0)
return -1;
+ base = cur;
}
- base = cur;
}
return 0;
projects / thirdparty / libvirt.git / commitdiff
