On Tue, 11 Sep 2018 15:36:49 +0800
Michael Mikonos <[email protected]> wrote:
> Hello,
>
> Sometimes vmd doesn't seem to check the result of malloc/calloc.
> I tried to preserve the existing behavour w.r.t. return values
> for the functions modified; some functions returned 1 on error
> while others return -1. Does this look correct?
>
> - Michael
>
>
> Index: vioqcow2.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/vmd/vioqcow2.c,v
> retrieving revision 1.2
> diff -u -p -u -r1.2 vioqcow2.c
> --- vioqcow2.c 11 Sep 2018 04:06:32 -0000 1.2
> +++ vioqcow2.c 11 Sep 2018 07:29:10 -0000
> @@ -202,6 +202,9 @@ qc2_open(struct qcdisk *disk, int fd)
> }
>
> disk->l1 = calloc(disk->l1sz, sizeof *disk->l1);
> + if (disk->l1 == NULL)
> + return -1;
> +
> if (pread(disk->fd, (char*)disk->l1, 8*disk->l1sz, disk->l1off)
> != 8*disk->l1sz) {
> free(disk->l1);
> @@ -237,6 +240,8 @@ qc2_open(struct qcdisk *disk, int fd)
> basepath[backingsz] = 0;
>
> disk->base = calloc(1, sizeof(struct qcdisk));
> + if (disk->base == NULL)
> + return -1;
This early return leaks disk->l1. The other vioqcow2/vioraw changes
look fine to me.
> if (qc2_openpath(disk->base, basepath, O_RDONLY) == -1) {
> free(disk->base);
> return -1;
> Index: vioraw.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/vmd/vioraw.c,v
> retrieving revision 1.1
> diff -u -p -u -r1.1 vioraw.c
> --- vioraw.c 25 Aug 2018 04:16:09 -0000 1.1
> +++ vioraw.c 11 Sep 2018 07:29:10 -0000
> @@ -62,6 +62,8 @@ virtio_init_raw(struct virtio_backing *f
> return -1;
>
> fdp = malloc(sizeof(int));
> + if (fdp == NULL)
> + return -1;
> *fdp = fd;
> file->p = fdp;
> file->pread = raw_pread;
>
--
Ori Bernstein <[email protected]>
