[libvirt] [PATCH] virsh: avoid double free of domain

Wen Congyang wency at cn.fujitsu.com
Mon Jul 18 01:17:45 UTC 2011 

At 07/17/2011 11:29 PM, ajia at redhat.com Write:
> From: Alex Jia <ajia at redhat.com>
> 
> * tools/virsh.c: avoid double free of domain, when weight value of blkiotune
>   less than 0, codes will free domain and jump to cleanup section, however,
>   cleanup will free domain again.
> 
> Detected in valgrind run:
> 
> ==21297== ERROR SUMMARY: 20 errors from 20 contexts (suppressed: 69 from 8)
> ==21297== 
> ==21297== 1 errors in context 1 of 20:
> ==21297== Invalid read of size 4
> ==21297==    at 0x40E209B: virDomainFree (libvirt.c:2096)
> ==21297==    by 0x8065274: cmdBlkiotune (virsh.c:3695)
> ==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
> ==21297==    by 0x806B967: main (virsh.c:14487)
> ==21297==  Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
> ==21297==    at 0x4005B0A: free (vg_replace_malloc.c:325)
> ==21297==    by 0x406814D: virFree (memory.c:310)
> ==21297==    by 0x40D6635: virReleaseDomain (datatypes.c:243)
> ==21297==    by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
> ==21297==    by 0x40E20B9: virDomainFree (libvirt.c:2101)
> ==21297==    by 0x8065297: cmdBlkiotune (virsh.c:3613)
> ==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
> ==21297==    by 0x806B967: main (virsh.c:14487)
> ==21297== 
> ==21297== 
> ==21297== 1 errors in context 2 of 20:
> ==21297== Invalid read of size 4
> ==21297==    at 0x40E1FE6: virDomainFree (libvirt.c:2092)
> ==21297==    by 0x8065274: cmdBlkiotune (virsh.c:3695)
> ==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
> ==21297==    by 0x806B967: main (virsh.c:14487)
> ==21297==  Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
> ==21297==    at 0x4005B0A: free (vg_replace_malloc.c:325)
> ==21297==    by 0x406814D: virFree (memory.c:310)
> ==21297==    by 0x40D6635: virReleaseDomain (datatypes.c:243)
> ==21297==    by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
> ==21297==    by 0x40E20B9: virDomainFree (libvirt.c:2101)
> ==21297==    by 0x8065297: cmdBlkiotune (virsh.c:3613)
> ==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
> ==21297==    by 0x806B967: main (virsh.c:14487)
> 
> * how to reproduce?
>   % valgrind -v --leak-check=full virsh blkiotune guestname --weight -1
> 
> ---
>  tools/virsh.c |    1 -
>  1 files changed, 0 insertions(+), 1 deletions(-)
> 
> diff --git a/tools/virsh.c b/tools/virsh.c
> index e75a249..cba249a 100644
> --- a/tools/virsh.c
> +++ b/tools/virsh.c
> @@ -3610,7 +3610,6 @@ cmdBlkiotune(vshControl * ctl, const vshCmd * cmd)
>      if (weight) {
>          nparams++;
>          if (weight < 0) {
> -            virDomainFree(dom);
>              vshError(ctl, _("Invalid value of %d for I/O weight"), weight);
>              goto cleanup;
>          }
ACK

More information about the libvir-list mailing list