[libvirt] [PATCH] avoid a probable EINVAL from lseek

Mon, 01 Feb 2010 13:25:14 -0800 

In src/qemu/qemu_driver.c, coverity reports this:

  Event negative_return_fn: Called negative-returning function "lseek(logfile, 
0L, 2)"
  Event var_assign: NEGATIVE return value of "lseek" assigned to signed 
variable "pos"
  At conditional (1): "(pos = lseek(logfile, 0L, 2)) < 0" taking true path
  2877      if ((pos = lseek(logfile, 0, SEEK_END)) < 0)
  2878          VIR_WARN(_("Unable to seek to end of logfile: %s"),
  2879                   virStrerror(errno, ebuf, sizeof ebuf));

since later in that same function, a negative "pos" may
be used like this:

  Event negative_returns: Tracked variable "pos" was passed to a negative sink. 
[details]
  2930      if (qemudWaitForMonitor(conn, driver, vm, pos) < 0)
  2931          goto abort;
  2932

which is a legitimate problem, since
qemudWaitForMonitor calls qemudLogReadFD, which calls lseek
with that same "pos" value:

  Event neg_sink_parm_call: Parameter "pos" passed to negative sink "lseek"
  560       if (lseek(fd, pos, SEEK_SET) < 0) {
  561           virReportSystemError(conn, errno,
  562                                _("Unable to seek to %lld in %s"),
  563                                (long long) pos, logfile);
  564           close(fd);
  565       }


One approach is to detect the negative offset in that final bit
of code and skip the lseek:

>From 0ef617935462c314ed0b44bcaa3dd5bf58ccbc1b Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyer...@redhat.com>
Date: Mon, 1 Feb 2010 22:17:44 +0100
Subject: [PATCH] avoid a probable EINVAL from lseek

* src/qemu/qemu_driver.c (qemudLogReadFD): Don't pass a negative
offset (from a preceding failed attempt to seek to EOF) to this use
of lseek.
---
 src/qemu/qemu_driver.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 22593bf..676a27b 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -558,8 +558,8 @@ qemudLogReadFD(virConnectPtr conn, const char* logDir, 
const char* name, off_t p
         close(fd);
         return -1;
     }
-    if (lseek(fd, pos, SEEK_SET) < 0) {
-        virReportSystemError(conn, errno,
+    if (pos < 0 || lseek(fd, pos, SEEK_SET) < 0) {
+      virReportSystemError(conn, pos < 0 ? 0 : errno,
                              _("Unable to seek to %lld in %s"),
                              (long long) pos, logfile);
         close(fd);
--
1.7.0.rc1.149.g0b0b7

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Reply via email to