[libvirt] [PATCH] remote_driver.c: fix a NULL dereference in remoteDomainEventQueueFlush().

Matthias Bolte matthias.bolte at googlemail.com
Tue Jan 12 01:39:58 UTC 2010


2010/1/12 kakuma <f-kak at ksh.biglobe.ne.jp>:
> Hi, all.
>
> There is a case of a NULL dereference in function remoteDomainEventQueueFlush()
> in remote_driver.c
> In the case of local connection conn->privateData->domainEvents isn't reserved.
> In this case it will occurs segment fault.
> (for example examples/domain-events/events-c/event-test.c)
> I think the following patch will be available.
>
> Thanks.
>
> ---
>  src/remote/remote_driver.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index d6f5fce..b112fd3 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c
> @@ -8709,7 +8709,7 @@ void
>  remoteDomainEventQueueFlush(int timer ATTRIBUTE_UNUSED, void *opaque)
>  {
>     virConnectPtr conn = opaque;
> -    struct private_data *priv = conn->privateData;
> +    struct private_data *priv = conn->networkPrivateData;
>     virDomainEventQueue tempQueue;
>
>     remoteDriverLock(priv);
> --
> 1.5.6.1
>
> --
> kakuma <f-kak at ksh.biglobe.ne.jp>
>

NACK.

Actually this is a workaround for the segfault. I prefer a proper fix.

I haven't understood yet how the event-test causes a segfault here,
but the event-test code itself is broken for multiple added event
handles. In contrast the Python event-test handles multiple added
event handles properly and doesn't trigger this segfault.

Matthias




More information about the libvir-list mailing list