[libvirt] [PATCH 6/3] qemu: avoid null deref on block pull error

2011-08-02 Thread Eric Blake
Coverity detected that 5 of 6 callers of virJSONValueArrayGet checked
for a NULL return; and that by not checking we risk a null deref
during an error.  The error is unlikely since the prior call to
virJSONValueArraySize would probably have already caught any botched
JSON array parse, but better safe than sorry.

* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockJobInfo):
Check for NULL.
(qemuMonitorJSONExtractPtyPaths): Fix typo.
---
 src/qemu/qemu_monitor_json.c |9 +++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index b7a6a12..2a9a078 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -1018,7 +1018,7 @@ qemuMonitorJSONExtractCPUInfo(virJSONValuePtr reply,
 int thread;
 if (!entry) {
 qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-_("character device information was missing aray 
element"));
+_("character device information was missing array 
element"));
 goto cleanup;
 }

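Review bot: the changelog credits the typo fix only to qemuMonitorJSONExtractPtyPaths, but going by the hunk header this first copy of the string sits in qemuMonitorJSONExtractCPUInfo, so the commit message should list that function as well. The wording also looks like a copy-paste: a CPU info parser that reports "character device information was missing array element" will mislead whoever finds it in a log, so while the line is being touched consider rewording it to refer to CPU information.
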
@@ -2266,7 +2266,7 @@ static int qemuMonitorJSONExtractPtyPaths(virJSONValuePtr 
reply,
 const char *id;
 if (!entry) {
 qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-_("character device information was missing aray 
element"));
+_("character device information was missing array 
element"));
 goto cleanup;
 }

@@ -2855,6 +2855,11 @@ static int 
qemuMonitorJSONGetBlockJobInfo(virJSONValuePtr reply,

 for (i = 0; i < nr_results; i++) {
 virJSONValuePtr entry = virJSONValueArrayGet(data, i);
+if (!entry) {
+qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+_("missing array element"));
+return -1;
+}
 if (qemuMonitorJSONGetBlockJobInfoOne(entry, device, info) == 0)
 return 1;
 }
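Review bot: the new message _("missing array element") in qemuMonitorJSONGetBlockJobInfo does not say which monitor reply was malformed, unlike the two messages earlier in this patch that name the data being parsed. Something like _("block job information was missing array element") would let the internal error be traced back to this reply. The direct return -1 is consistent with the return 1 already in this loop, provided nothing allocated earlier in the function needs to be freed, which the visible context does not show.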
-- 
1.7.4.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list


Re: [libvirt] [PATCH 6/3] qemu: avoid null deref on block pull error

2011-08-02 Thread Laine Stump

On 08/02/2011 03:21 PM, Eric Blake wrote:
> Coverity detected that 5 of 6 callers of virJSONValueArrayGet checked
> for a NULL return; and that by not checking we risk a null deref
> during an error.  The error is unlikely since the prior call to
> virJSONValueArraySize would probably have already caught any botched
> JSON array parse, but better safe than sorry.

ACK.
