From: Ján Tomko <jtomko@redhat.com>
Date: Wed, 17 Jul 2013 08:56:05 +0000 (+0200)
Subject: cgroup: reuse buffer for getline
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=cc7329317fee6088055d7b09594c19f1b8fec5e3;p=people%2Fliuw%2Flibxenctrl-split%2Flibvirt.git

cgroup: reuse buffer for getline

Reuse the buffer for getline and track buffer allocation
separately from the string length to prevent unlikely
out-of-bounds memory access.

This fixes the following leak that happened when zero bytes were read:

==404== 120 bytes in 1 blocks are definitely lost in loss record 1,344 of 1,671
==404==    at 0x4C2C71B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==404==    by 0x906F862: getdelim (iogetdelim.c:68)
==404==    by 0x52A48FB: virCgroupPartitionNeedsEscaping (vircgroup.c:1136)
==404==    by 0x52A0FB4: virCgroupPartitionEscape (vircgroup.c:1171)
==404==    by 0x52A0EA4: virCgroupNewDomainPartition (vircgroup.c:1450)
---

diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index 5a9839318..9dfe98d4a 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -1101,7 +1101,7 @@ static int virCgroupPartitionNeedsEscaping(const char *path)
     FILE *fp = NULL;
     int ret = 0;
     char *line = NULL;
-    size_t len;
+    size_t buflen;
 
     /* If it starts with 'cgroup.' or a '_' of any
      * of the controller names from /proc/cgroups,
@@ -1133,23 +1133,22 @@ static int virCgroupPartitionNeedsEscaping(const char *path)
      * freezer 6 4  1
      * net_cls 7 1  1
      */
-    while (getline(&line, &len, fp) > 0) {
-        if (STRPREFIX(line, "#subsys_name")) {
-            VIR_FREE(line);
+    while (getline(&line, &buflen, fp) > 0) {
+        char *tmp;
+        size_t len;
+
+        if (STRPREFIX(line, "#subsys_name"))
             continue;
-        }
-        char *tmp = strchr(line, ' ');
-        if (tmp)
-            *tmp = '\0';
+
+        tmp = strchrnul(line, ' ');
+        *tmp = '\0';
         len = tmp - line;
 
         if (STRPREFIX(path, line) &&
             path[len] == '.') {
             ret = 1;
-            VIR_FREE(line);
             goto cleanup;
         }
-        VIR_FREE(line);
     }
 
     if (ferror(fp)) {
@@ -1158,6 +1157,7 @@ static int virCgroupPartitionNeedsEscaping(const char *path)
     }
 
 cleanup:
+    VIR_FREE(line);
     VIR_FORCE_FCLOSE(fp);
     return ret;
 }