Bug 732015 - Insufficient memory for the terminating null of the string
Summary: Insufficient memory for the terminating null of the string
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt-snmp
Version: 6.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Laine Stump
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 748554
TreeView+ depends on / blocked
 
Reported: 2011-08-19 13:18 UTC by Michal Luscon
Modified: 2011-12-06 14:49 UTC (History)
9 users (show)

Fixed In Version: libvirt-snmp-0.0.2-3.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-12-06 14:49:09 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2011:1609 0 normal SHIPPED_LIVE new package: libvirt-snmp 2011-12-06 00:51:09 UTC

Description Michal Luscon 2011-08-19 13:18:35 UTC 
Description of problem:

/src/libvirtGuestTable_data_get.c:204 - Strlen returns length of string, not including the terminating '\0' character.

/src/libvirtGuestTable_data_get.c:218 - Destination string is filled without terminating character.

Version-Release number of selected component (if applicable):
0.0.2-1

Additional info:
This issue was found during the analysis of Coverity scan report.
Comment 4 Laine Stump 2011-10-18 18:16:47 UTC 
Fixes for all the problems uncovered by coverity have been pushed upstream:

commit 51e5c3014d7d162d7d8a2aaccb42b6a0092b825d
Author: Laine Stump <laine>
Date:   Tue Oct 18 13:07:50 2011 -0400

    fix startup logic for selecting stderr vs syslog
    
    This bug was uncovered by coverity during the run that resulted in the
    filing of the following bug:
    
       https://bugzilla.redhat.com/show_bug.cgi?id=732015
    
    use_syslog was initialized to 0, and then if the "Use stderr" option
    was selected, it was set to ... "0"!
    
    Rather than simply initializing to 1, I decided to reduce confusion by
    renaming the variable to "use_stderr", leave it initialized to 0, then
    set to 1 when the user asks for stderr.

commit e5b3fd6b6ef3cd8fda00f74291e6fb2174cc806b
Author: Laine Stump <laine>
Date:   Tue Oct 18 12:47:45 2011 -0400

    eliminate bogus check for "NULL" array
    
    This is another bug found by coverity in:
    
       https://bugzilla.redhat.com/show_bug.cgi?id=732015
    
    Apparently libvirtGuestUUID was originally a pointer, and the code was
    making sure that it had memory allocated, but now it is an array that
    is contained in the structure, so checking for NULL makes no sense.

commit 17e238092ccaa3d6386ab668b651b3031f009e60
Author: Laine Stump <laine>
Date:   Tue Oct 18 12:40:41 2011 -0400

    allocate enough space for trailing NULL in string
    
    This bug was found by coverity. See:
    
      https://bugzilla.redhat.com/show_bug.cgi?id=732015
Comment 8 Alex Jia 2011-10-19 11:15:16 UTC 
I can reproduce this issue and the latest Coverity result is fine for libvirt-snmp-0.0.2-2.el6, I haven't seen previous errors again and everything is okay, please see http://releng-test1.englab.brq.redhat.com/covscan/task/177/, so move the bug to VERIFIED status.

Alex
Comment 12 Alex Jia 2011-10-19 16:06:40 UTC 
Move the bug to VERIFIED status based on latest Coverity result:
http://releng-test1.englab.brq.redhat.com/covscan/task/179/
Comment 13 errata-xmlrpc 2011-12-06 14:49:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2011-1609.html
Note You need to log in before you can comment on or make changes to this bug.