[libvirt] libvirt-0.9.5 availability of rc2
Daniel Veillard
veillard at redhat.com
Mon Sep 19 08:04:04 UTC 2011
On Sun, Sep 18, 2011 at 09:37:22AM -0500, Adam Litke wrote:
> I am getting SIGABRT and SIGSEGV in libvirtd when trying to catch blockJob
> events.
>
> When running under valgrind I get the following:
> ==19819== Thread 1:
> ==19819== Invalid free() / delete / delete[]
> ==19819== at 0x4C282ED: free (vg_replace_malloc.c:366)
> ==19819== by 0x4E7B48: virFree (memory.c:310)
> ==19819== by 0x7669C32: virDomainEventFree (domain_event.c:510)
> ==19819== by 0x766AFE2: virDomainEventQueueDispatch (domain_event.c:1154)
> ==19819== by 0x766B19D: virDomainEventStateFlush (domain_event.c:1195)
> ==19819== by 0x483E15: qemuDomainEventFlush (qemu_domain.c:134)
> ==19819== by 0x507535: virEventPollRunOnce (event_poll.c:421)
> ==19819== by 0x4E6D44: virEventRunDefaultImpl (event.c:247)
> ==19819== by 0x44813C: virNetServerRun (virnetserver.c:701)
> ==19819== by 0x41FECE: main (libvirtd.c:1564)
> ==19819== Address 0x131b0a30 is 0 bytes inside a block of size 15 free'd
> ==19819== at 0x4C282ED: free (vg_replace_malloc.c:366)
> ==19819== by 0x7FB006C: xdr_string (xdr.c:722)
> ==19819== by 0x43A5FD: xdr_remote_nonnull_string (remote_protocol.c:30)
> ==19819== by 0x442E2B: xdr_remote_domain_event_block_job_msg
> (remote_protocol.c:4000)
> ==19819== by 0x7FAF6C4: xdr_free (xdr.c:72)
> ==19819== by 0x431BDA: remoteRelayDomainEventBlockJob (remote.c:363)

Hum, I wonder if remoteRelayDomainEventBlockJob shouldn't strdup the
path string instead of using it directly in the
remote_domain_event_block_job_msg block. As a result, since we now
free the data pointed to by the xdr message within
remoteDispatchDomainEventSend(), this error wasn't shown before but
leads to a double free now.

BTW it seems we don't check all allocations in the xdr code (on purpose?),
for example make_nonnull_domain() doesn't check a strdup.

Could you check the following patch?

Daniel
diff --git a/daemon/remote.c b/daemon/remote.c
index 38bbb10..1d9156c 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -356,7 +356,11 @@ static int remoteRelayDomainEventBlockJob(virConnectPtr conn ATTRIBUTE_UNUSED,
/* build return data */
memset(&data, 0, sizeof data);
make_nonnull_domain(&data.dom, dom);
- data.path = (char*)path;
+ data.path = strdup(path);
+ if (data.path == NULL) {
+ virReportOOMError();
+ return -1;
+ }
data.type = type;
data.status = status;
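Review bot: the early return added after the strdup(path) failure check leaves whatever make_nonnull_domain(&data.dom, dom) allocated two lines above unreleased, and the message itself notes that this helper does an unchecked strdup. Either copy path before calling make_nonnull_domain(), or release the contents of data.dom before the return -1. Since data.path now owns its string, a one-line comment saying the copy is released when the xdr message is freed on the send path would document the ownership change that fixes the double free.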
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel at veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
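
Added example, not part of the original message and not libvirt code: a small model of the ownership problem discussed above, where a wire message that borrows the event's path string is freed on the send path and the event is freed again later. All names (relay_event, release, struct event, struct wire_msg) are hypothetical, and a release log stands in for free() so the second free is counted rather than corrupting the heap.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the queued event and the wire message. */
struct event    { char *path; };
struct wire_msg { char *path; };

/* Release log: a repeated pointer is counted, not freed twice. */
static void *released[4];
static int n_released, n_double;

static void release(void *p)
{
    for (int i = 0; i < n_released; i++)
        if (released[i] == p) { n_double++; return; }
    released[n_released++] = p;
}

static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy != NULL)
        memcpy(copy, s, n);
    return copy;
}

/* copy_path == 0: message borrows the event's string (pre-patch shape).
 * copy_path == 1: message gets its own copy (patched shape).
 * Returns the number of double frees observed, -1 on allocation failure. */
int relay_event(const char *path, int copy_path)
{
    struct event ev = { dup_string(path) };
    struct wire_msg msg = { NULL };
    n_released = n_double = 0;
    if (ev.path == NULL)
        return -1;
    msg.path = copy_path ? dup_string(ev.path) : ev.path;
    if (msg.path == NULL) {
        free(ev.path);
        return -1;
    }
    release(msg.path);  /* send path frees the message contents */
    release(ev.path);   /* event dispatch later frees the event */
    for (int i = 0; i < n_released; i++)
        free(released[i]);
    return n_double;
}
```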