On Fri, 2018-09-21 at 18:05 -0500, Benjamin Marzinski wrote: > set_int() wasn't checking if the line actually had a value before > converting it to an integer. Found by coverity. Also, it should > be using set_value(). > > Signed-off-by: Benjamin Marzinski <[email protected]> > --- > libmultipath/dict.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/libmultipath/dict.c b/libmultipath/dict.c > index 32524d5..bf4701e 100644 > --- a/libmultipath/dict.c > +++ b/libmultipath/dict.c > @@ -33,7 +33,10 @@ set_int(vector strvec, void *ptr) > int *int_ptr = (int *)ptr; > char * buff; > > - buff = VECTOR_SLOT(strvec, 1); > + buff = set_value(strvec); > + if (!buff) > + return 1; > + > *int_ptr = atoi(buff); > > return 0;
Well, I believe that validate_config_strvec() would have made sure that VECTOR_SLOT(strvec, 1) exists and is non-NULL before set_int() is called via keyword->handler(). Also, if we want to make this more robust, we might want to use strtol() rather than atoi() to check for an actual int argument. Anyway: Reviewed-by: Martin Wilck <[email protected]> -- Dr. Martin Wilck <[email protected]>, Tel. +49 (0)911 74053 2107 SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nürnberg) -- dm-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/dm-devel
