From: John Ferlan <jferlan@redhat.com>
Date: Thu, 11 Sep 2014 21:45:04 +0000 (-0400)
Subject: qemu: Resolve Coverity FORWARD_NULL
X-Git-Tag: CVE-2014-3633~70
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=78fbc79d85f32eddda5379ced7ec8f9b45c45e59;p=thirdparty%2Flibvirt.git

qemu: Resolve Coverity FORWARD_NULL

If we end up at the cleanup lable before we've VIR_EXPAND_N the list,
then calling virQEMUCapsFreeStringList() with a NULL proplist could
theoretically deref proplist if nproplist was set. Coverity doesn't
seem to acknowledge the relationship between proplist and nproplist
assuming in virQEMUCapsFreeStringList that nproplist could be at
least 1 and thus have a null deref.  It only seems to follow the
NULL proplist.

Signed-off-by: John Ferlan <jferlan@redhat.com>
---

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index a652f29db8..81ada486f1 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -1728,7 +1728,7 @@ virQEMUCapsParseDeviceStrObjectProps(const char *str,
     ret = nproplist;
 
  cleanup:
-    if (ret < 0)
+    if (ret < 0 && proplist)
         virQEMUCapsFreeStringList(nproplist, proplist);
     return ret;
 }