From: Jim Meyering Date: Mon, 29 Mar 2010 16:27:26 +0000 (+0200) Subject: nwfilter_ebiptables_driver.c: avoid NULL dereference X-Git-Tag: v0.8.1~138 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6719eab9e95c5daeeea85fe62e6270e1d5a0c58;p=thirdparty%2Flibvirt.git nwfilter_ebiptables_driver.c: avoid NULL dereference * src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesApplyNewRules): Don't dereference a NULL or uninitialized pointer when given an empty list of rules. Add an sa_assert(inst) in each loop to tell clang that the uses of "inst[i]" are valid. --- diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c index b481b4cbb6..f54099f098 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c @@ -2834,11 +2834,11 @@ ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED, bool haveIptables = false; bool haveIp6tables = false; - if (inst) - qsort(inst, nruleInstances, sizeof(inst[0]), - ebiptablesRuleOrderSort); + if (nruleInstances > 1 && inst) + qsort(inst, nruleInstances, sizeof(inst[0]), ebiptablesRuleOrderSort); for (i = 0; i < nruleInstances; i++) { + sa_assert (inst); if (inst[i]->ruleType == RT_EBTABLES) { if (inst[i]->chainprefix == CHAINPREFIX_HOST_IN_TEMP) chains_in |= (1 << inst[i]->neededProtocolChain); @@ -2881,6 +2881,7 @@ ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED, goto tear_down_tmpebchains; for (i = 0; i < nruleInstances; i++) + sa_assert (inst); switch (inst[i]->ruleType) { case RT_EBTABLES: ebiptablesInstCommand(&buf, @@ -2918,6 +2919,7 @@ ebiptablesApplyNewRules(virConnectPtr conn ATTRIBUTE_UNUSED, goto tear_down_tmpiptchains; for (i = 0; i < nruleInstances; i++) { + sa_assert (inst); if (inst[i]->ruleType == RT_IPTABLES) iptablesInstCommand(&buf, inst[i]->commandTemplate,