[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libvir] libvirt.c: avoid a double-free upon do_open failure

On Wed, Jan 30, 2008 at 02:58:11PM +0100, Jim Meyering wrote:
> With a contrived example using more than 20 (the max permitted by
> the testing framework) domains, I got a double-free error:
> here's one way to fix it:
> diff --git a/src/libvirt.c b/src/libvirt.c
> index defadc1..c19565f 100644
> --- a/src/libvirt.c
> +++ b/src/libvirt.c
> @@ -615,7 +615,6 @@ do_open (const char *name,
>      return ret;
>  failed:
> -    free (ret->name);
>      if (ret->driver) ret->driver->close (ret);
>      if (uri) xmlFreeURI(uri);
>  	virUnrefConnect(ret);
> At first, rather than removing the offending
> free, I inserted this line just after it:
>     ret->name = NULL;
> which avoids leaking ->name even if some driver-specific close function
> fails to clean up properly.  But IMHO if such a function doesn't clean
> up properly then *it* should be fixed, not all callers.

 Hum, right, the close functions should clean the state stored
in the connection, for 'name' all drivers should set it so i think
I initially made it a responsability of the main routine, but
it doesn't make much sense to have a specific handling for it.
Maybe the patch as you suggest should be applied after checking the
existing ConnectionClose entry points properly free name (I think so)


Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]