From c04beb5d3aa187b4bcbb31152a93299c2265a00d Mon Sep 17 00:00:00 2001
From: Eric Blake
Date: Fri, 21 Oct 2011 15:34:34 -0600
Subject: [PATCH] storage: avoid null deref on qemu-img failure

Detected by Coverity. Only possible if qemu-img gives bogus output, but we might as well be robust.
* src/storage/storage_backend.c (virStorageBackendQEMUImgBackingFormat): Check for strstr failure.
---
 src/storage/storage_backend.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index 64c35c2bf3..93c98d6cc9 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -631,8 +631,13 @@ static int virStorageBackendQEMUImgBackingFormat(const char *qemuimg)
 if (virCommandRun(cmd, &exitstatus) < 0)
 goto cleanup;

- start = strstr(help, " create ");
- end = strstr(start, "\n");
+ if ((start = strstr(help, " create ")) == NULL ||
+ (end = strstr(start, "\n")) == NULL) {
+ virStorageReportError(VIR_ERR_INTERNAL_ERROR,
+ _("unable to parse qemu-img output '%s'"),
+ help);
+ goto cleanup;
+ }
 if (((tmp = strstr(start, "-F fmt")) && tmp < end) ||
 ((tmp = strstr(start, "-F backing_fmt")) && tmp < end))
 ret = QEMU_IMG_BACKING_FORMAT_FLAG;
--
GitLab
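Review bot: The new error path passes the whole `help` buffer to `%s` in `virStorageReportError`, so a failed parse copies whatever the `qemuimg` binary printed, multi-line and of unbounded length, into the error message and the logs. This branch is only reached when that output is not what was expected, so bounding it would be safer, for example `_("unable to parse qemu-img output '%.256s'"), help` (256 is an illustrative limit), or reporting the binary path instead of echoing its output. The guard also relies on `help` being non-NULL once `virCommandRun` succeeds; that guarantee is not visible in this hunk and is worth confirming for the case where the command prints nothing. The function body starts and ends outside the hunk, so the value returned through `cleanup` on this path cannot be checked here.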