libvirt.c: don't let a NULL "cpumaps" argument provoke a NULL-deref

* src/libvirt.c (virDomainGetVcpus): Describe new, stronger requirement on "maplen"s relationship to "cpumaps".

libvirt.c: don't let a NULL "cpumaps" argument provoke a NULL-deref
* src/libvirt.c (virDomainGetVcpus): Describe new, stronger requirement on "maplen"s relationship to "cpumaps".
d37bca86 · Jim Meyering · 643ee3fa · d37bca86
隐藏空白更改
内联并排

Showing with 6 addition and 1 deletion

src/libvirt.c src/libvirt.c +6 -1

未找到文件。
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -4753,6 +4753,7 @@ error:
 *      virDomainPinVcpu() API.
 * @maplen: number of bytes in one cpumap, from 1 up to size of CPU map in
 *	underlying virtualization system (Xen...).
+ *	Must be zero when cpumaps is NULL and positive when it is non-NULL.
 *
 * Extract information about virtual CPUs of domain, store it in info array
 * and also in cpumaps if this pointer isn't NULL.
@@ -4776,7 +4777,11 @@ virDomainGetVcpus(virDomainPtr domain, virVcpuInfoPtr info, int maxinfo,
        virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__);
        goto error;
    }
-    if (cpumaps != NULL && maplen < 1) {
+
+    /* Ensure that domainGetVcpus (aka remoteDomainGetVcpus) does not
+       try to memcpy anything into a NULL pointer.  */
+    if ((cpumaps == NULL && maplen != 0)
+        || (cpumaps && maplen <= 0)) {
        virLibDomainError(domain, VIR_ERR_INVALID_ARG, __FUNCTION__);
        goto error;
    }