[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libvir] libvirt.c: avoid a double-free upon do_open failure



On Wed, Jan 30, 2008 at 02:58:11PM +0100, Jim Meyering wrote:
> With a contrived example using more than 20 (the max permitted by
> the testing framework) domains, I got a double-free error:
[...]
> here's one way to fix it:
> 
> diff --git a/src/libvirt.c b/src/libvirt.c
> index defadc1..c19565f 100644
> --- a/src/libvirt.c
> +++ b/src/libvirt.c
> @@ -615,7 +615,6 @@ do_open (const char *name,
>      return ret;
> 
>  failed:
> -    free (ret->name);
>      if (ret->driver) ret->driver->close (ret);
>      if (uri) xmlFreeURI(uri);
>  	virUnrefConnect(ret);
> 
> At first, rather than removing the offending
> free, I inserted this line just after it:
> 
>     ret->name = NULL;
> 
> which avoids leaking ->name even if some driver-specific close function
> fails to clean up properly.  But IMHO if such a function doesn't clean
> up properly then *it* should be fixed, not all callers.

 Hum, right, the close functions should clean the state stored
in the connection, for 'name' all drivers should set it so i think
I initially made it a responsability of the main routine, but
it doesn't make much sense to have a specific handling for it.
Maybe the patch as you suggest should be applied after checking the
existing ConnectionClose entry points properly free name (I think so)

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]