drives: Add comments about fragile string handling.

GC FTW.
libguestfs · Aug 19, 2014 · 0fd95e2 · 0fd95e2
1 parent b53286a
commit 0fd95e2
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/src/drives.c b/src/drives.c
@@ -676,6 +676,11 @@ parse_one_server (guestfs_h *g, const char *server, struct drive_server *ret)
   char *port_str;
   int port;
 
+  /* Note! Do not set any string field in *ret until you know the
+   * function will return successfully.  Otherwise there can be a
+   * double-free in parse_servers -> free_drive_servers below.
+   */
+
   ret->transport = drive_transport_none;
 
   if (STRPREFIX (server, "tcp:")) {
@@ -739,6 +744,9 @@ parse_servers (guestfs_h *g, char *const *strs,
     return 0;
   }
 
+  /* Must use calloc here to avoid freeing garbage along the error
+   * path below.
+   */
   servers = safe_calloc (g, n, sizeof (struct drive_server));
 
   for (i = 0; i < n; ++i) {