| Message ID | 1539981546-10596-5-git-send-email-Liam.Merwick@oracle.com |
|---|---|
| State | New |
| Headers | show |
| Series | off-by-one and NULL pointer accesses detected by static analysis | expand |
On 19.10.18 22:39, Liam Merwick wrote: > Although the function block_job_get() can return NULL, it would be a > serious bug if it did so (because the job yields before executing anything > (if it started successfully); but otherwise, commit_active_start() would > have returned an error). However, as a precaution, before dereferencing > the 'job' pointer in img_commit() assert it is not NULL. (In the meantime, Markus has argued to me in some other case that asserting that something isn't NULL is just as good as just dereferencing it. Oh well, I still don't mind either way.) > Signed-off-by: Liam Merwick <Liam.Merwick@oracle.com> > --- > qemu-img.c | 1 + > 1 file changed, 1 insertion(+) Reviewed-by: Max Reitz <mreitz@redhat.com>
diff --git a/qemu-img.c b/qemu-img.c index b12f4cd19b0a..457aa152296b 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -1029,6 +1029,7 @@ static int img_commit(int argc, char **argv) } job = block_job_get("commit"); + assert(job); run_block_job(job, &local_err); if (local_err) { goto unref_backing;
Although the function block_job_get() can return NULL, it would be a serious bug if it did so (because the job yields before executing anything (if it started successfully); but otherwise, commit_active_start() would have returned an error). However, as a precaution, before dereferencing the 'job' pointer in img_commit() assert it is not NULL. Signed-off-by: Liam Merwick <Liam.Merwick@oracle.com> --- qemu-img.c | 1 + 1 file changed, 1 insertion(+)