
[libvirt] [PATCH] Fix crash in virNetDevGetVirtualFunctions



Commit 9a3ff01d7f16cc280ce3176620c0714f55511a65 (which was ACKed at
the end of January, but for some reason didn't get pushed until during
the 1.0.4 freeze) fixed the logic in virPCIGetVirtualFunctions().
Unfortunately, a typo in the fix (replacing VIR_REALLOC_N with
VIR_ALLOC_N during code movement) caused not only a memory leak, but
also resulted in most of the elements of the result array being
replaced with NULL. virNetDevGetVirtualFunctions() assumed (and I think
rightly so) that virPCIGetVirtualFunctions() wouldn't return any NULL
elements in the array, so it ended up segfaulting.

This was found when attempting to use a virtual network with an
auto-created pool of SRIOV VFs, e.g.:

    <forward mode='hostdev' managed='yes'>
      <pf dev='eth4'/>
    </forward>

(the pool of PCI addresses is discovered by calling
virNetDevGetVirtualFunctions() on the PF dev).
---
 src/util/virpci.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/util/virpci.c b/src/util/virpci.c
index a0da1cd..85cd694 100644
--- a/src/util/virpci.c
+++ b/src/util/virpci.c
@@ -2026,8 +2026,8 @@ virPCIGetVirtualFunctions(const char *sysfs_path,
                 continue;
             }
 
-            if (VIR_ALLOC_N(*virtual_functions,
-                            *num_virtual_functions + 1) < 0) {
+            if (VIR_REALLOC_N(*virtual_functions,
+                              *num_virtual_functions + 1) < 0) {
                 virReportOOMError();
                 VIR_FREE(config_addr);
                 goto error;
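Review bot: the non-NULL contract this fix restores is not written down at the VIR_REALLOC_N call in virPCIGetVirtualFunctions(), which is how a one-word change during code movement could break it silently. Add a comment at the call, or in the function's header comment, stating that every slot of *virtual_functions below *num_virtual_functions is populated on success, since virNetDevGetVirtualFunctions() dereferences the entries without checking them. The error label reached by "goto error" is outside the visible context, so please confirm it frees the entries stored by earlier iterations as well as the array itself, now that the array really does accumulate them. A test that runs this loop over a PF with more than one VF would have caught the regression, because only the last element survived with VIR_ALLOC_N.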
-- 
1.7.11.7
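The failure mode the commit message describes, reduced to plain libc as an added example (not libvirt code and not part of the patch): `calloc` and `realloc` stand in for VIR_ALLOC_N and VIR_REALLOC_N, and `collect`, `count_null_entries` and the sample addresses are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the VF config addresses found under sysfs. */
static const char *const sample_vfs[] = {
    "0000:03:10.0", "0000:03:10.2", "0000:03:10.4"
};
#define SAMPLE_COUNT (sizeof(sample_vfs) / sizeof(sample_vfs[0]))

/* Copy a string with malloc (strdup is not ISO C before C23). */
static char *dup_str(const char *s)
{
    char *copy = malloc(strlen(s) + 1);
    if (copy)
        strcpy(copy, s);
    return copy;
}

/* Grow-and-append loop. use_realloc == 0 reproduces the typo: a fresh zeroed
 * array on every iteration, which leaks the old array and drops its entries. */
static int collect(char ***out, size_t *count, int use_realloc)
{
    *out = NULL;
    *count = 0;
    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        char **grown = use_realloc
            ? realloc(*out, (*count + 1) * sizeof(**out))
            : calloc(*count + 1, sizeof(**out));
        if (!grown)
            return -1;
        *out = grown;
        if (!((*out)[*count] = dup_str(sample_vfs[i])))
            return -1;
        (*count)++;
    }
    return 0;
}

/* Check a consumer can run before dereferencing: number of NULL slots. */
static size_t count_null_entries(char **list, size_t count)
{
    size_t nulls = 0;
    for (size_t i = 0; i < count; i++)
        if (!list[i])
            nulls++;
    return nulls;
}
```

With the allocating variant the reported count is still 3, so a caller that trusts the count and dereferences each slot hits a NULL pointer on the first element.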

