[libvirt] libvirt-0.9.5 availability of rc2

Daniel Veillard veillard at redhat.com
Mon Sep 19 08:04:04 UTC 2011


On Sun, Sep 18, 2011 at 09:37:22AM -0500, Adam Litke wrote:
> I am getting SIGABRT and SIGSEGV in libvirtd when trying to catch blockJob
> events.
> 
> When running under valgrind I get the following:
> ==19819== Thread 1:
> ==19819== Invalid free() / delete / delete[]
> ==19819==    at 0x4C282ED: free (vg_replace_malloc.c:366)
> ==19819==    by 0x4E7B48: virFree (memory.c:310)
> ==19819==    by 0x7669C32: virDomainEventFree (domain_event.c:510)
> ==19819==    by 0x766AFE2: virDomainEventQueueDispatch (domain_event.c:1154)
> ==19819==    by 0x766B19D: virDomainEventStateFlush (domain_event.c:1195)
> ==19819==    by 0x483E15: qemuDomainEventFlush (qemu_domain.c:134)
> ==19819==    by 0x507535: virEventPollRunOnce (event_poll.c:421)
> ==19819==    by 0x4E6D44: virEventRunDefaultImpl (event.c:247)
> ==19819==    by 0x44813C: virNetServerRun (virnetserver.c:701)
> ==19819==    by 0x41FECE: main (libvirtd.c:1564)
> ==19819==  Address 0x131b0a30 is 0 bytes inside a block of size 15 free'd
> ==19819==    at 0x4C282ED: free (vg_replace_malloc.c:366)
> ==19819==    by 0x7FB006C: xdr_string (xdr.c:722)
> ==19819==    by 0x43A5FD: xdr_remote_nonnull_string (remote_protocol.c:30)
> ==19819==    by 0x442E2B: xdr_remote_domain_event_block_job_msg (remote_protocol.c:4000)
> ==19819==    by 0x7FAF6C4: xdr_free (xdr.c:72)
> ==19819==    by 0x431BDA: remoteRelayDomainEventBlockJob (remote.c:363)


  Hum, I wonder if remoteRelayDomainEventBlockJob shouldn't strdup the
path string instead of using it directly in the
remote_domain_event_block_job_msg block. As a result, since we now
free the data pointed by the xdr message within
remoteDispatchDomainEventSend(), this error wasn't shown before but
leads to a double free now.

BTW it seems we don't check all allocations in the xdr code (on
purpose?), for example make_nonnull_domain() doesn't check a strdup.

Could you check the following patch?

Daniel

diff --git a/daemon/remote.c b/daemon/remote.c
index 38bbb10..1d9156c 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -356,7 +356,11 @@ static int remoteRelayDomainEventBlockJob(virConnectPtr conn ATTRIBUTE_UNUSED,
     /* build return data */
     memset(&data, 0, sizeof data);
     make_nonnull_domain(&data.dom, dom);
-    data.path = (char*)path;
+    data.path = strdup(path);
+    if (data.path == NULL) {
+        virReportOOMError();
+        return -1;
+    }
     data.type = type;
     data.status = status;
 
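Review bot: the early return -1 on strdup failure comes after make_nonnull_domain(&data.dom, dom), which per the message above does its own strdup, so whatever it allocated in data.dom is leaked on this error path. Either duplicate path before calling make_nonnull_domain(), or release the strings held in data.dom before returning. A one-line comment stating that data.path is now owned by the message and released when the xdr data is freed in the send path would also make the ownership rule explicit for the next reader.
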
-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel at veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/
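
The ownership problem discussed in this message, modelled in plain C as an added example (not libvirt code and not part of the original mail). The types event_t and msg_t, the helpers dup_string, msg_free, relay_borrow, relay_copy and shares_allocation, and the sample path are all hypothetical stand-ins for the queued event, the XDR message and xdr_free().

```c
/* Simplified model of the ownership bug (added example, not libvirt code).
 * event_t, msg_t, msg_free, relay_borrow, relay_copy are hypothetical names. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { char *path; } event_t; /* stands in for the queued event */
typedef struct { char *path; } msg_t;   /* stands in for the XDR message */

char *dup_string(const char *s) {       /* portable stand-in for strdup() */
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Like xdr_free(): releases every string the message points at. */
void msg_free(msg_t *m) { free(m->path); m->path = NULL; }

/* Pre-patch pattern: the message aliases the event's string, so msg_free()
 * and the event's destructor would both free the same block. */
void relay_borrow(const event_t *ev, msg_t *m) { m->path = ev->path; }

/* Patched pattern: the message gets a private copy; -1 on allocation failure. */
int relay_copy(const event_t *ev, msg_t *m) {
    m->path = dup_string(ev->path);
    return m->path ? 0 : -1;
}

/* 1 when message and event share one allocation, i.e. it has two owners. */
int shares_allocation(const event_t *ev, const msg_t *m) { return ev->path == m->path; }

/* Patched flow end to end: 0 if the event string survives msg_free(). */
int patched_flow_ok(void) {
    event_t ev = { dup_string("/constructed/disk.img") }; /* constructed path */
    msg_t m = { NULL };
    if (!ev.path || relay_copy(&ev, &m) < 0) { free(ev.path); return -1; }
    msg_free(&m);                       /* send path frees its own copy */
    int ok = strcmp(ev.path, "/constructed/disk.img") == 0;
    free(ev.path);                      /* event destructor frees its own */
    return ok ? 0 : -1;
}

int main(void) {
    event_t ev = { dup_string("/constructed/disk.img") };
    msg_t m = { NULL };
    if (ev.path) relay_borrow(&ev, &m);
    printf("pre-patch shared=%d, patched flow rc=%d\n",
           shares_allocation(&ev, &m), patched_flow_ok());
    free(ev.path); /* only the event frees; msg_free(&m) here would double free */
    return 0;
}
```

Building the same model with AddressSanitizer or running it under valgrind, as in the report above, is the quickest way to confirm that no block ends up with two owners.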