From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 3 Dec 2014 17:50:16 +0000 (+0100)
Subject: cpu: fix possible crash in getModels
X-Git-Tag: v1.2.11-rc1~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a4cff58eff28d5fe7501d9e9a8de8020e5481b6;p=thirdparty%2Flibvirt.git

cpu: fix possible crash in getModels

Commit 86a15a25 introduced a new cpu driver API 'getModels'. Public API
allow you to pass NULL for models to get only number of existing models.
However the new code will crash with segfault so we have to count with
the possibility that the user wants only the number.

There is also difference in order of the models gathered by this new API
as the old approach was inserting the elements to the end of the array
so we should use 'VIR_APPEND_ELEMENT'.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---

diff --git a/src/cpu/cpu_powerpc.c b/src/cpu/cpu_powerpc.c
index 871401b017..1cd6874c05 100644
--- a/src/cpu/cpu_powerpc.c
+++ b/src/cpu/cpu_powerpc.c
@@ -666,11 +666,15 @@ ppcGetModels(char ***models)
 
     model = map->models;
     while (model != NULL) {
-        if (VIR_STRDUP(name, model->name) < 0)
-            goto error;
+        if (models) {
+            if (VIR_STRDUP(name, model->name) < 0)
+                goto error;
 
-        if (VIR_INSERT_ELEMENT(*models, 0, nmodels, name) < 0)
-            goto error;
+            if (VIR_APPEND_ELEMENT(*models, nmodels, name) < 0)
+                goto error;
+        } else {
+            nmodels++;
+        }
 
         model = model->next;
     }
@@ -681,7 +685,10 @@ ppcGetModels(char ***models)
     return nmodels;
 
  error:
-    virStringFreeList(*models);
+    if (models) {
+        virStringFreeList(*models);
+        *models = NULL;
+    }
     nmodels = -1;
     goto cleanup;
 }
diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
index f6dcba41d0..45be262307 100644
--- a/src/cpu/cpu_x86.c
+++ b/src/cpu/cpu_x86.c
@@ -2176,11 +2176,15 @@ x86GetModels(char ***models)
 
     model = map->models;
     while (model != NULL) {
-        if (VIR_STRDUP(name, model->name) < 0)
-            goto error;
+        if (models) {
+            if (VIR_STRDUP(name, model->name) < 0)
+                goto error;
 
-        if (VIR_INSERT_ELEMENT(*models, 0, nmodels, name) < 0)
-            goto error;
+            if (VIR_APPEND_ELEMENT(*models, nmodels, name) < 0)
+                goto error;
+        } else {
+            nmodels++;
+        }
 
         model = model->next;
     }
@@ -2188,7 +2192,10 @@ x86GetModels(char ***models)
     return nmodels;
 
  error:
-    virStringFreeList(*models);
+    if (models) {
+        virStringFreeList(*models);
+        *models = NULL;
+    }
     return -1;
 }