[libvirt] [PATCH] Stop double free

Chris Lalancette clalance at redhat.com
Fri Sep 25 07:16:01 UTC 2009


Mark Hamzy wrote:
> The stack trace is as follows:
> 
> Program received signal SIGABRT, Aborted.
> 0x00000035ad830265 in raise () from /lib64/libc.so.6
> (gdb) bt
> #0 0x00000035ad830265 in raise () from /lib64/libc.so.6
> #1 0x00000035ad831d10 in abort () from /lib64/libc.so.6
> #2 0x00000035ad86a84b in __libc_message () from /lib64/libc.so.6
> #3 0x00000035ad8722ef in _int_free () from /lib64/libc.so.6
> #4 0x00000035ad87273b in free () from /lib64/libc.so.6
> #5 0x0000000000406771 in vshDeinit (ctl=0x7fffd35d35e0) at virsh.c:8244
> #6 0x00000000004069a5 in vshError (ctl=0x7fffd35d35e0, doexit=<value optimized out>, format=0x414f66 "%s") at virsh.c:7861
> #7 0x00000000004067c4 in vshDeinit (ctl=0x7fffd35d35e0) at virsh.c:8248
> #8 0x000000000041335e in main (argc=3, argv=0x7fffd35d3748) at virsh.c:8493
> 
> I am trying to run libvirt-0.7.1-0.1.git3ef2e05.fc12.src.rpm on RHEL5.4.
> 
> vshDeinit gets called twice, so ctl->name is freed twice.
> 
> How about this patch then?

Ah, I see now.  Your patch is a workaround.  The real problem is that vshDeinit
is re-entering itself through:

vshDeinit()->vshError()->vshDeinit()

While your patch would fix the problem, I'm not sure it's a good long-term
solution.  Other differences might come up in the future, and trying to worry
about vshDeinit being re-entrant is probably not worth the effort.  (Indeed, it
looks like there were earlier attempts to avoid this, but things have changed
since then, breaking the workaround).  I think we should make it so that
vshDeinit() does not try to re-enter itself.  At the moment I don't have a
patch, but I would look at either splitting vshError() into vshPrintError() and
vshError(), or just doing a couple of fprintf()'s directly in vshDeinit() and
not calling vshError() at all (with a comment explaining why).

-- 
Chris Lalancette
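The structure Chris proposes, as an added illustration that is not libvirt's code: the error reporter is split into a print-only half that tear-down may call, and a report-then-exit half that only command code calls, so the deinit -> error -> deinit cycle cannot form; the freed pointer is also nulled so a second free would be harmless. All names (ctl_t, print_error, deinit, error_exit, run_failing_session) are hypothetical stand-ins for virsh's vshControl, vshPrintError, vshDeinit and vshError.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for virsh's control struct; not libvirt's layout. */
typedef struct {
    char *name;        /* heap string freed by deinit(), as ctl->name in virsh */
    int close_fails;   /* constructed: simulate a failing disconnect step */
    int deinit_calls;  /* instrumentation: how many times deinit() ran */
} ctl_t;

/* Print-only half of the split ("vshPrintError"): it tears nothing down,
 * so calling it from deinit() cannot recurse back into deinit(). */
static void print_error(const char *msg)
{
    fprintf(stderr, "error: %s\n", msg);
}

/* Tear-down that reports its own failures with print_error() only.
 * Returns 0 on success, -1 if a cleanup step failed. */
static int deinit(ctl_t *ctl)
{
    int ret = 0;
    ctl->deinit_calls++;
    free(ctl->name);
    ctl->name = NULL;          /* a stray second call now frees NULL, not a dangling pointer */
    if (ctl->close_fails) {    /* the spot where the original re-entered via vshError() */
        print_error("failed to disconnect from the hypervisor (constructed)");
        ret = -1;
    }
    return ret;
}

/* Report-then-exit half ("vshError"): called from command code only,
 * never from deinit(), so deinit()->error_exit()->deinit() cannot happen. */
void error_exit(ctl_t *ctl, const char *msg)
{
    print_error(msg);
    deinit(ctl);
    exit(EXIT_FAILURE);
}

/* Session whose disconnect fails; returns how often deinit() ran
 * (1 when the cycle is gone), or -1 if deinit() misbehaved. */
int run_failing_session(void)
{
    ctl_t ctl = { .name = strdup("constructed-session"), .close_fails = 1, .deinit_calls = 0 };
    int ret = deinit(&ctl);
    return (ret == -1 && ctl.name == NULL) ? ctl.deinit_calls : -1;
}

int main(void)
{
    printf("deinit ran %d time(s)\n", run_failing_session());  /* prints 1 */
    return 0;
}
```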
