From mboxrd@z Thu Jan  1 00:00:00 1970
From: Anthony Liguori <aliguori@us.ibm.com>
Subject: Re: [PATCH] Fix random segfaults in with xm top
Date: Wed, 23 Nov 2005 17:40:14 -0600
Message-ID: <4384FDDE.70400@us.ibm.com>
References: <1132769913.3868.7.camel@laptop>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <1132769913.3868.7.camel@laptop>
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Jerone Young <jyoung5@us.ibm.com>
Cc: xen-devel <xen-devel@lists.xensource.com>
List-Id: xen-devel@lists.xenproject.org

Unfortunately, this patch introduces another potential segfault from an 
unterminated string.  See below for how to fix.

Jerone Young wrote:

># HG changeset patch
># User root@leaf1
># Node ID 7ce2dfd820e39c7764f276a785415014a7954861
># Parent  14d733e5e1d014e302d72fb78df1428ee08e3ce3
>* fix random segfaults in xentop by never returning null
>* remove xenstore transcations (not needed).
>
>diff -r 14d733e5e1d0 -r 7ce2dfd820e3 tools/xenstat/libxenstat/src/xenstat.c
>--- a/tools/xenstat/libxenstat/src/xenstat.c	Wed Nov 23 13:15:35 2005
>+++ b/tools/xenstat/libxenstat/src/xenstat.c	Wed Nov 23 19:17:11 2005
>@@ -702,19 +702,16 @@
> {
> 	char path[80];
> 	char *name;
>-	struct xs_transaction_handle *xstranshandle;
> 
> 	snprintf(path, sizeof(path),"/local/domain/%i/name", domain_id);
> 	
>-	xstranshandle = xs_transaction_start(handle->xshandle);
>-	if (xstranshandle == NULL) {
>-		perror("Unable to get transcation handle from xenstore\n");
>-		exit(1); /* Change this */
>-	}
>-
>-	name = (char *) xs_read(handle->xshandle, xstranshandle, path, NULL);
>+	name = (char *) xs_read(handle->xshandle, NULL, path, NULL);
> 	
>-	xs_transaction_end(handle->xshandle, xstranshandle, false);
>+	if (name == NULL)
>+	{
>+		name = (char *)malloc((size_t)sizeof(char));
>+		name[0] = ' ';
>+	}	 
>  
>
-		name = (char *)malloc((size_t)sizeof(char));
-		name[0] = ' ';
+               name = malloc(2);
+		name[0] = ' ';
+		name[1] = 0;

Or better yet:

-		name = (char *)malloc((size_t)sizeof(char));
-		name[0] = ' ';
+		name = strdup(" ");

Regards,

Anthony Liguori

>  
>
> 	return name;
> }	
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Xen-devel mailing list
>Xen-devel@lists.xensource.com
>http://lists.xensource.com/xen-devel
>  
>