From: Eric Blake Date: Wed, 29 Jun 2011 18:28:57 +0000 (-0600) Subject: rpc: avoid freeing uninitialized variable X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=0a8a79af53a72b75fb8edd94bd3689e990c482ff;p=libvirt.git rpc: avoid freeing uninitialized variable Detected by Coverity. Both are instances of bad things happening if pipe2 fails; the virNetClientNew failure could free garbage, and virNetSocketNewConnectCommand could close random fds. Note: POSIX doesn't guarantee the contents of fd[0] and fd[1] after pipe failure: http://austingroupbugs.net/view.php?id=467 We may need to introduce a virPipe2 wrapper that guarantees that on pipe failure, the fds are explicitly set to -1, rather than our current state of assuming the fds are unchanged from their value prior to the failed pipe call. * src/rpc/virnetclient.c (virNetClientNew): Initialize variable. * src/rpc/virnetsocket.c (virNetSocketNewConnectCommand): Likewise. --- diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c index 39bdf14459..b551b99a00 100644 --- a/src/rpc/virnetclient.c +++ b/src/rpc/virnetclient.c @@ -113,7 +113,7 @@ static void virNetClientIncomingEvent(virNetSocketPtr sock, static virNetClientPtr virNetClientNew(virNetSocketPtr sock, const char *hostname) { - virNetClientPtr client; + virNetClientPtr client = NULL; int wakeupFD[2] = { -1, -1 }; if (pipe2(wakeupFD, O_CLOEXEC) < 0) { diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index 7e63d7840e..4b0c2ee67d 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -511,8 +511,8 @@ int virNetSocketNewConnectCommand(virCommandPtr cmd, virNetSocketPtr *retsock) { pid_t pid = 0; - int sv[2]; - int errfd[2]; + int sv[2] = { -1, -1 }; + int errfd[2] = { -1, -1 }; *retsock = NULL;