qemu: avoid null deref on block pull error

Coverity detected that 5 of 6 callers of virJSONValueArrayGet checked
for a NULL return; and that by not checking we risk a null deref
during an error.  The error is unlikely since the prior call to
virJSONValueArraySize would probably have already caught any botched
JSON array parse, but better safe than sorry.

* src/qemu/qemu_monitor_json.c (qemuMonitorJSONGetBlockJobInfo):
Check for NULL.
(qemuMonitorJSONExtractPtyPaths): Fix typo.

diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index b7a6a129ea93acebc0c0f33d21acaec2d3061be5..2a9a0782eca89e129e8c14375d4d2d905e0d75f6 100644 (file)
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -1018,7 +1018,7 @@ qemuMonitorJSONExtractCPUInfo(virJSONValuePtr reply,
         int thread;
         if (!entry) {
             qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                            _("character device information was missing aray element"));
+                            _("character device information was missing array element"));
             goto cleanup;
         }
 
@@ -2266,7 +2266,7 @@ static int qemuMonitorJSONExtractPtyPaths(virJSONValuePtr reply,
         const char *id;
         if (!entry) {
             qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                            _("character device information was missing aray element"));
+                            _("character device information was missing array element"));
             goto cleanup;
         }
 
@@ -2855,6 +2855,11 @@ static int qemuMonitorJSONGetBlockJobInfo(virJSONValuePtr reply,
 
     for (i = 0; i < nr_results; i++) {
         virJSONValuePtr entry = virJSONValueArrayGet(data, i);
+        if (!entry) {
+            qemuReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                            _("missing array element"));
+            return -1;
+        }
         if (qemuMonitorJSONGetBlockJobInfoOne(entry, device, info) == 0)
             return 1;
     }