On Tue, Sep 27, 2022 at 03:46:21PM +0100, Richard W.M. Jones wrote: > Eric found that passing a zero length array to nbd_connect_command or > nbd_connect_systemd_socket_activation results in a segfault. This can > be triggered through Python as follows: > > $ nbdsh -c 'h.connect_command([])' > nbdsh: generator/states-connect.c:247: enter_STATE_CONNECT_COMMAND_START: > Assertion `h->argv.ptr[0]' failed. > Aborted (core dumped) > > Reported-by: Eric Blake > --- > lib/connect.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/lib/connect.c b/lib/connect.c > index 5008063034..629f35db7c 100644 > --- a/lib/connect.c > +++ b/lib/connect.c > @@ -251,6 +251,11 @@ nbd_unlocked_aio_connect_socket (struct nbd_handle *h, > int sock) > int > nbd_unlocked_aio_connect_command (struct nbd_handle *h, char **argv) > { > + if (argv[0] == NULL) { > + set_error (EINVAL, "argv parameter must have at least 1 element"); > + return -1; > + } > +
This is basically half of my v3 1/18 patch - the part that was noncontroversial. Comparing my version to yours, I picked a different error message: nbdsh: command line script failed: nbd_connect_command: missing command name in argv list: Invalid argument and centralized things into a single helper function in utils.c instead of open-coding it at each affected nbd*_connect_* command. > if (nbd_internal_set_argv (&h->argv, argv) == -1) { > set_error (errno, "realloc"); > return -1; > @@ -263,6 +268,11 @@ int > nbd_unlocked_aio_connect_systemd_socket_activation (struct nbd_handle *h, > char **argv) > { > + if (argv[0] == NULL) { > + set_error (EINVAL, "argv parameter must have at least 1 element"); > + return -1; > + } > + > if (nbd_internal_set_argv (&h->argv, argv) == -1) { > set_error (errno, "realloc"); > return -1; > -- > 2.37.0.rc2 > -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
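Review bot: In nbd_unlocked_aio_connect_command the new test reads argv[0] before anything in the function has established that argv itself is non-NULL, so a NULL argv would fault inside the very check that is meant to stop the crash. If the public wrapper does not already reject NULL (that is not visible in this diff), test `argv == NULL || argv[0] == NULL` instead. The diffstat also shows only lib/connect.c changing: the `nbdsh -c 'h.connect_command([])'` reproducer from the commit message would make a cheap regression test that expects EINVAL rather than an abort.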
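Review bot: The five lines added to nbd_unlocked_aio_connect_systemd_socket_activation are a verbatim copy of the block added to nbd_unlocked_aio_connect_command, each placed directly above the same nbd_internal_set_argv call, so the two checks can drift apart and any further argv-taking entry point has to remember to repeat them. A single shared check would avoid that, but both callers currently report every -1 from nbd_internal_set_argv as `set_error (errno, "realloc")`, so moving the test into that function would also need errno set to EINVAL and an error path that does not say realloc. As a smaller point, the message "argv parameter must have at least 1 element" could say what is actually missing, namely the command name in argv[0].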