From: Eric Blake <eblake@redhat.com>
Date: Fri, 21 Oct 2011 21:34:34 +0000 (-0600)
Subject: storage: avoid null deref on qemu-img failure
X-Git-Tag: v0.9.7-rc1~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c04beb5d3aa187b4bcbb31152a93299c2265a00d;p=thirdparty%2Flibvirt.git

storage: avoid null deref on qemu-img failure

Detected by Coverity.  Only possible if qemu-img gives bogus output,
but we might as well be robust.

* src/storage/storage_backend.c
(virStorageBackendQEMUImgBackingFormat): Check for strstr failure.
---

diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index 64c35c2bf3..93c98d6cc9 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -631,8 +631,13 @@ static int virStorageBackendQEMUImgBackingFormat(const char *qemuimg)
     if (virCommandRun(cmd, &exitstatus) < 0)
         goto cleanup;
 
-    start = strstr(help, " create ");
-    end = strstr(start, "\n");
+    if ((start = strstr(help, " create ")) == NULL ||
+        (end = strstr(start, "\n")) == NULL) {
+        virStorageReportError(VIR_ERR_INTERNAL_ERROR,
+                              _("unable to parse qemu-img output '%s'"),
+                              help);
+        goto cleanup;
+    }
     if (((tmp = strstr(start, "-F fmt")) && tmp < end) ||
         ((tmp = strstr(start, "-F backing_fmt")) && tmp < end))
         ret = QEMU_IMG_BACKING_FORMAT_FLAG;