afb30dde3a
uri_resolve_relative() calls strcmp(bas->path, ref->path). However,
either argument could be null! Evidence: the code checks for null
after the comparison. Spotted by Coverity.
I suspect this was screwed up when we stole the code from libxml2.
There the conditional reads
xmlStrEqual((xmlChar *)bas->path, (xmlChar *)ref->path)
with
int
xmlStrEqual(const xmlChar *str1, const xmlChar *str2) {
if (str1 == str2) return(1);
if (str1 == NULL) return(0);
if (str2 == NULL) return(0);
do {
if (*str1++ != *str2) return(0);
} while (*str2++);
return(1);
}
Fix by replicating libxml2's logic faithfully.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
|
||
|---|---|---|
| .. | ||
| Makefile.objs | ||
| acl.c | ||
| aes.c | ||
| bitmap.c | ||
| bitops.c | ||
| compatfd.c | ||
| crc32c.c | ||
| cutils.c | ||
| envlist.c | ||
| error.c | ||
| event_notifier-posix.c | ||
| event_notifier-win32.c | ||
| fifo8.c | ||
| getauxval.c | ||
| hbitmap.c | ||
| hexdump.c | ||
| host-utils.c | ||
| id.c | ||
| iov.c | ||
| module.c | ||
| notify.c | ||
| osdep.c | ||
| oslib-posix.c | ||
| oslib-win32.c | ||
| path.c | ||
| qemu-config.c | ||
| qemu-error.c | ||
| qemu-openpty.c | ||
| qemu-option.c | ||
| qemu-progress.c | ||
| qemu-sockets.c | ||
| qemu-thread-posix.c | ||
| qemu-thread-win32.c | ||
| qemu-timer-common.c | ||
| rcu.c | ||
| readline.c | ||
| rfifolock.c | ||
| throttle.c | ||
| unicode.c | ||
| uri.c | ||