From: Laine Stump <laine@laine.org>
Date: Mon, 1 Jul 2013 03:52:43 +0000 (-0400)
Subject: pci: initialize virtual_functions array pointer to avoid segfault
X-Git-Tag: v1.0.5.3~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b5b269cbc5d1edb34c50a31906dad38cdd2b663f;p=thirdparty%2Flibvirt.git

pci: initialize virtual_functions array pointer to avoid segfault

This fixes https://bugzilla.redhat.com/show_bug.cgi?id=971325

The problem was that if virPCIGetVirtualFunctions was given the name
of a non-existent interface, it would return to its caller without
initializing the pointer to the array of virtual functions to NULL,
and the caller (virNetDevGetVirtualFunctions) would try to VIR_FREE()
the invalid pointer.

The final error message before the crash would be:

 virPCIGetVirtualFunctions:2088 :
  Failed to open dir '/sys/class/net/eth2/device':
  No such file or directory

In this patch I move the initialization in virPCIGetVirtualFunctions()
to the begining of the function, and also do an explicit
initialization in virNetDevGetVirtualFunctions, just in case someone
in the future adds code into that function prior to the call to
virPCIGetVirtualFunctions.

(cherry picked from commit 2c2525ab6a6f0ad5d75a6c60711e2e28cb1cebe9)
---

diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c
index 8013f23346..7c3296cdad 100644
--- a/src/util/virnetdev.c
+++ b/src/util/virnetdev.c
@@ -1000,6 +1000,9 @@ virNetDevGetVirtualFunctions(const char *pfname,
     char *pci_sysfs_device_link = NULL;
     char *pciConfigAddr = NULL;
 
+    *virt_fns = NULL;
+    *n_vfname = 0;
+
     if (virNetDevSysfsFile(&pf_sysfs_device_link, pfname, "device") < 0)
         return ret;
 
diff --git a/src/util/virpci.c b/src/util/virpci.c
index ba60292f15..d60bd6ba26 100644
--- a/src/util/virpci.c
+++ b/src/util/virpci.c
@@ -2080,6 +2080,9 @@ virPCIGetVirtualFunctions(const char *sysfs_path,
     VIR_DEBUG("Attempting to get SR IOV virtual functions for device"
               "with sysfs path '%s'", sysfs_path);
 
+    *virtual_functions = NULL;
+    *num_virtual_functions = 0;
+
     dir = opendir(sysfs_path);
     if (dir == NULL) {
         memset(errbuf, '\0', sizeof(errbuf));
@@ -2089,8 +2092,6 @@ virPCIGetVirtualFunctions(const char *sysfs_path,
         return ret;
     }
 
-    *virtual_functions = NULL;
-    *num_virtual_functions = 0;
     while ((entry = readdir(dir))) {
         if (STRPREFIX(entry->d_name, "virtfn")) {
             virPCIDeviceAddress *config_addr = NULL;