[libvirt] [PATCH 1/2] bhyve: fix crash in bhyveBuildNetArgStr

Eric Blake eblake at redhat.com
Fri Jun 13 16:58:09 UTC 2014


On 06/13/2014 10:48 AM, Roman Bogorodskiy wrote:
> bhyveBuildNetArgStr() calls virNetDevTapCreateInBridgePort() and
> passes tapfd = NULL, but tapfdSize = 1. That is wrong, because
> if virNetDevTapCreateInBridgePort() crashes after successfully
> creating a TAP device, it'll jump to 'error' label, that
> loops over tapfd and calls VIR_FORCE_CLOSE:
> 
>    for (i = 0; i < tapfdSize && tapfd[i] >= 0; i++)
> 
> In that case we get a segfault.
> 
> As the bhyve code doesn't use tapfd, pass NULL and set tapfdSize to 0.
> ---
>  src/bhyve/bhyve_command.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)

ACK.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 604 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20140613/1ff606cc/attachment-0001.sig>


More information about the libvir-list mailing list