From: Michal Privoznik <mpriv...@redhat.com> Inside of get_files() there are two cases where vah_add_file() is not checked for its retval. This is possibly dangerous, because vah_add_file() might fail. Fix those places by introducing checks for the retval.
Signed-off-by: Michal Privoznik <mpriv...@redhat.com> --- src/security/virt-aa-helper.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 2ea4b47fa5..7748a0d19b 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1022,15 +1022,17 @@ get_files(vahControl * ctl) const char *rendernode = virDomainGraphicsGetRenderNode(graphics); if (rendernode) { - vah_add_file(&buf, rendernode, "rw"); + if (vah_add_file(&buf, rendernode, "rw") != 0) + goto cleanup; needsgl = true; } else { if (virDomainGraphicsNeedsAutoRenderNode(graphics)) { g_autofree char *defaultRenderNode = virHostGetDRMRenderNode(); needsgl = true; - if (defaultRenderNode) { - vah_add_file(&buf, defaultRenderNode, "rw"); + if (defaultRenderNode && + vah_add_file(&buf, defaultRenderNode, "rw") != 0) { + goto cleanup; } } } -- 2.49.0