Eric found that passing a zero length array to nbd_connect_command or
nbd_connect_systemd_socket_activation results in a segfault. This can
be triggered through Python as follows:
$ nbdsh -c 'h.connect_command([])'
nbdsh: generator/states-connect.c:247: enter_STATE_CONNECT_COMMAND_START: Assertion
`h->argv.ptr[0]' failed.
Aborted (core dumped)
Reported-by: Eric Blake
---
lib/connect.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/lib/connect.c b/lib/connect.c
index 5008063034..629f35db7c 100644
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -251,6 +251,11 @@ nbd_unlocked_aio_connect_socket (struct nbd_handle *h, int sock)
int
nbd_unlocked_aio_connect_command (struct nbd_handle *h, char **argv)
{
+ if (argv[0] == NULL) {
+ set_error (EINVAL, "argv parameter must have at least 1 element");
+ return -1;
+ }
+
if (nbd_internal_set_argv (&h->argv, argv) == -1) {
set_error (errno, "realloc");
return -1;
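Review bot: The new guard reads `argv[0]` before anything in this hunk establishes that `argv` itself is non-NULL, so a C caller passing a NULL `argv` would fault on the check instead of getting EINVAL. Unless the public wrapper already rejects a NULL pointer (not visible in this patch), the condition should be `if (argv == NULL || argv[0] == NULL) {`. The same applies to the identical check added to nbd_unlocked_aio_connect_systemd_socket_activation in the next hunk. Because the two checks are duplicates, a single shared validation helper called before nbd_internal_set_argv would keep the two entry points from drifting apart. The diffstat touches only lib/connect.c, so a regression test for the empty-array case from the commit message is still missing; both function bodies continue outside their hunks.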
@@ -263,6 +268,11 @@ int
nbd_unlocked_aio_connect_systemd_socket_activation (struct nbd_handle *h,
char **argv)
{
+ if (argv[0] == NULL) {
+ set_error (EINVAL, "argv parameter must have at least 1 element");
+ return -1;
+ }
+
if (nbd_internal_set_argv (&h->argv, argv) == -1) {
set_error (errno, "realloc");
return -1;
--
2.37.0.rc2