From: John Ferlan Date: Tue, 7 Mar 2017 12:01:21 +0000 (-0500) Subject: util: Avoid possible NULL dereference in virSysinfoParsePPCProcessor X-Git-Tag: v3.2.0-rc1~339 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15b881474b6cebca18f531a0512aeb0db3d9cd39;p=thirdparty%2Flibvirt.git util: Avoid possible NULL dereference in virSysinfoParsePPCProcessor Found by Coverity. Because there's an "if ((cur = strstr(base, "revision")) != NULL) {" followed by a "base = cur" coverity notes that 'base' could then be NULL causing the return to the top of the "while ((tmp_base = strstr(base, "processor")) != NULL) {" to have strstr deref a NULL 'base' pointer because the setting of base at the bottom of the loop is unconditional. Alter the code to set "base = cur" after processing each key. That will "ensure" that base doesn't get set to NULL if both "cpu" and "revision" do no follow a "processor". While a /proc/cpuinfo file that has a "processor" key but with neither a "cpu" nor a "revision" doesn't seem feasible, the code is written as if it could happen, so we have to account for it. Signed-off-by: John Ferlan --- diff --git a/src/util/virsysinfo.c b/src/util/virsysinfo.c index 14c17a897d..8d3377c04e 100644 --- a/src/util/virsysinfo.c +++ b/src/util/virsysinfo.c @@ -231,6 +231,7 @@ virSysinfoParsePPCProcessor(const char *base, virSysinfoDefPtr ret) if (eol && VIR_STRNDUP(processor->processor_socket_destination, cur, eol - cur) < 0) return -1; + base = cur; if ((cur = strstr(base, "cpu")) != NULL) { cur = strchr(cur, ':') + 1; @@ -239,6 +240,7 @@ virSysinfoParsePPCProcessor(const char *base, virSysinfoDefPtr ret) if (eol && VIR_STRNDUP(processor->processor_type, cur, eol - cur) < 0) return -1; + base = cur; } if ((cur = strstr(base, "revision")) != NULL) { 
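Review bot: The `cur = strchr(cur, ':') + 1;` in the "cpu" branch at the end of the first hunk still adds 1 to an unchecked strchr() result. A "cpu" match with no following ':' therefore yields an invalid pointer, which the code that follows uses and which the `base = cur;` added in the next hunk would feed back into strstr(). The commit closes the NULL `base` path but not this one; testing the result before the increment would cover it, e.g. `if (!(cur = strchr(cur, ':'))) return -1;` followed by `cur++;`, with skip-or-fail left to the maintainers. The "revision" branch that opens at the end of the second hunk presumably has the same pattern, though its strchr line falls outside the visible hunks, as does the enclosing loop.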
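Review bot: Moving `base = cur;` into the "cpu" branch in the second hunk (and the "revision" branch in the third) keeps `base` non-NULL, but the `strstr(base, "cpu")` and `strstr(base, "revision")` searches are still not limited to the current processor stanza. If a stanza lacks one of those keys, the search appears able to match the key in a later stanza, attach that value to the current entry, and advance `base` past the later "processor" line so the outer loop never sees it. Since the commit message says the missing-key case must be accounted for, consider bounding each search to the text before the next "processor" match. At minimum, a comment would help, such as `/* NB: search is not bounded to this stanza; a missing key may pick up a later processor's value */`. The loop header is outside the visible hunks, so this is inferred from the commit description and the visible strstr() calls.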
@@ -248,9 +250,9 @@ virSysinfoParsePPCProcessor(const char *base, virSysinfoDefPtr ret) if (eol && VIR_STRNDUP(processor->processor_version, cur, eol - cur) < 0) return -1; + base = cur; } - base = cur; } return 0;