[Libvir] libvirt.c: avoid a double-free upon do_open failure
Daniel Veillard
veillard at redhat.com
Fri Feb 1 15:00:24 UTC 2008
On Wed, Jan 30, 2008 at 02:58:11PM +0100, Jim Meyering wrote:
> With a contrived example using more than 20 (the max permitted by
> the testing framework) domains, I got a double-free error:
[...]
> here's one way to fix it:
>
> diff --git a/src/libvirt.c b/src/libvirt.c
> index defadc1..c19565f 100644
> --- a/src/libvirt.c
> +++ b/src/libvirt.c
> @@ -615,7 +615,6 @@ do_open (const char *name,
> return ret;
>
> failed:
> - free (ret->name);
> if (ret->driver) ret->driver->close (ret);
> if (uri) xmlFreeURI(uri);
> virUnrefConnect(ret);
>
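Review bot: in the `failed:` path, once `free (ret->name)` is gone, the only visible cleanup of `name` is `ret->driver->close (ret)`, and that call is skipped when `ret->driver` is NULL. Please confirm that `virUnrefConnect(ret)` releases `name` in that case; otherwise the failure path trades the double free for a leak. A short comment at the label saying which function owns `ret->name` would keep a later change from reintroducing the free here.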
> At first, rather than removing the offending
> free, I inserted this line just after it:
>
> ret->name = NULL;
>
> which avoids leaking ->name even if some driver-specific close function
> fails to clean up properly. But IMHO if such a function doesn't clean
> up properly then *it* should be fixed, not all callers.
Hum, right, the close functions should clean the state stored
in the connection, for 'name' all drivers should set it so I think
I initially made it a responsibility of the main routine, but
it doesn't make much sense to have a specific handling for it.
Maybe the patch as you suggest should be applied after checking the
existing ConnectionClose entry points properly free name (I think so).
Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard | virtualization library http://libvirt.org/
veillard at redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
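
The ownership question discussed in this thread, as an added example that is not part of the original messages and is not libvirt code: a small C model of the `failed:` path that counts how often `name` is released under the original code, the `ret->name = NULL` variant, and the proposed patch. All types, function names and driver stubs are hypothetical, and the model assumes the second release comes from the driver's close function.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins; these are not libvirt's types or functions. */
struct conn;
typedef void (*close_fn)(struct conn *);
struct conn { char *name; close_fn close; };

enum policy { CALLER_FREES, CALLER_FREES_AND_NULLS, CLOSE_OWNS };

static int frees;  /* releases of name seen on one pass through the error path */

/* Counts a release instead of performing it, so a double free is observable
 * without undefined behaviour; the harness does the one real free(). */
static void counted_free(char *p) { if (p) frees++; }

/* A close entry point that cleans up name, and one that forgets to. */
static void close_frees_name(struct conn *c) { counted_free(c->name); c->name = NULL; }
static void close_forgets_name(struct conn *c) { (void)c; }

/* Model of the failed: label. Returns how many times name was released:
 * 0 = leak, 1 = correct, 2 = double free, -1 = allocation failure. */
static int failed_path(enum policy p, close_fn drv_close)
{
    char *name = malloc(8);
    if (!name) return -1;
    struct conn c = { name, drv_close };
    frees = 0;
    if (p != CLOSE_OWNS) {                 /* pre-patch: caller frees name */
        counted_free(c.name);
        if (p == CALLER_FREES_AND_NULLS) c.name = NULL;
    }
    if (c.close) c.close(&c);              /* driver close runs afterwards */
    free(name);                            /* the single real release */
    return frees;
}

int main(void)
{
    printf("original, close frees:   %d\n", failed_path(CALLER_FREES, close_frees_name));
    printf("NULL variant, any close: %d\n", failed_path(CALLER_FREES_AND_NULLS, close_forgets_name));
    printf("patched, close frees:    %d\n", failed_path(CLOSE_OWNS, close_frees_name));
    printf("patched, close forgets:  %d\n", failed_path(CLOSE_OWNS, close_forgets_name));
    return 0;
}
```

The last case is the one the reply asks to rule out before applying the patch: with the caller's free removed, a close entry point that does not release `name` turns into a leak.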