From fcbeadf3e881971fce134b94c2a61bfd5070ec43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Wed, 17 Jul 2013 10:56:05 +0200
Subject: [PATCH] cgroup: reuse buffer for getline

Reuse the buffer for getline and track buffer allocation
separately from the string length to prevent unlikely
out-of-bounds memory access.

This fixes the following leak that happened when zero bytes were read:

==404== 120 bytes in 1 blocks are definitely lost in loss record 1,344 of 1,671
==404==    at 0x4C2C71B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==404==    by 0x906F862: getdelim (iogetdelim.c:68)
==404==    by 0x52A48FB: virCgroupPartitionNeedsEscaping (vircgroup.c:1136)
==404==    by 0x52A0FB4: virCgroupPartitionEscape (vircgroup.c:1171)
==404==    by 0x52A0EA4: virCgroupNewDomainPartition (vircgroup.c:1450)
(cherry picked from commit cc7329317fee6088055d7b09594c19f1b8fec5e3)
---
 src/util/vircgroup.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index ae71859286..842b4425b5 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -1101,7 +1101,7 @@ static int virCgroupPartitionNeedsEscaping(const char *path)
     FILE *fp = NULL;
     int ret = 0;
     char *line = NULL;
-    size_t len;
+    size_t buflen;
 
     /* If it starts with 'cgroup.' or a '_' of any
      * of the controller names from /proc/cgroups,
@@ -1133,23 +1133,22 @@ static int virCgroupPartitionNeedsEscaping(const char *path)
      * freezer 6 4  1
      * net_cls 7 1  1
      */
-    while (getline(&line, &len, fp) > 0) {
-        if (STRPREFIX(line, "#subsys_name")) {
-            VIR_FREE(line);
+    while (getline(&line, &buflen, fp) > 0) {
+        char *tmp;
+        size_t len;
+
+        if (STRPREFIX(line, "#subsys_name"))
             continue;
-        }
-        char *tmp = strchr(line, ' ');
-        if (tmp)
-            *tmp = '\0';
+
+        tmp = strchrnul(line, ' ');
+        *tmp = '\0';
         len = tmp - line;
 
         if (STRPREFIX(path, line) &&
             path[len] == '.') {
             ret = 1;
-            VIR_FREE(line);
             goto cleanup;
         }
-        VIR_FREE(line);
     }
 
     if (ferror(fp)) {
@@ -1158,6 +1157,7 @@ static int virCgroupPartitionNeedsEscaping(const char *path)
     }
 
 cleanup:
+    VIR_FREE(line);
     VIR_FORCE_FCLOSE(fp);
     return ret;
 }
-- 
GitLab