[libvirt] [PATCH v3 1/4] qemu: Fix segfault when parsing private domain data
Martin Kletzander
mkletzan at redhat.com
Thu Aug 13 13:16:10 UTC 2015
On Thu, Aug 13, 2015 at 09:04:52AM -0400, John Ferlan wrote:
>
>
>On 08/13/2015 04:18 AM, Martin Kletzander wrote:
>> When parsing private domain data, there are two paths that are flawed.
>> They are both error paths, just from different parts of the function.
>> One of them can call free() on an uninitialized pointer. Initialization
>> to NULL is enough here. The other one is a bit trickier to explain, but
>> as easy as the first one to fix. We create capabilities, parse them and
>> then assign them into the private data pointer inside the domain object.
>> If, however, we get to fail from now on, the error path calls unrefs the
>> capabilities and then, when the domain object is being cleaned,
>> qemuDomainObjPrivateFree() tries to unref them as well. That causes a
>> segfault. Settin the pointer to NULL upon successful addition to the
>
>s/Settin/Setting
>
>> private data is enough.
>>
>> Signed-off-by: Martin Kletzander <mkletzan at redhat.com>
>> ---
>> src/qemu/qemu_domain.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>
>Could have been 2 patches though to fix 2 different bugs...
>
>Good catch on the second one - that was well hidden...
>
>John
>
>(and I see Jan's ACK'd the whole series - so whether this gets to you in
>time or not relies on the speed of email)
>
And the period I have set for retrieving emails. Sorry, I just pushed
it. I though some would hate that I'm sending two lines as two
commits, but I have no problem splitting even these next time :)
>> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
>> index abf52c9c38fa..8fe7c75d19c9 100644
>> --- a/src/qemu/qemu_domain.c
>> +++ b/src/qemu/qemu_domain.c
>> @@ -627,7 +627,7 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt,
>> {
>> qemuDomainObjPrivatePtr priv = vm->privateData;
>> char *monitorpath;
>> - char *tmp;
>> + char *tmp = NULL;
>> int n;
>> size_t i;
>> xmlNodePtr *nodes = NULL;
>> @@ -715,6 +715,7 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt,
>> }
>>
>> priv->qemuCaps = qemuCaps;
>> + qemuCaps = NULL;
>> }
>> VIR_FREE(nodes);
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20150813/0758e34c/attachment-0001.sig>
More information about the libvir-list
mailing list