[libvirt] [PATCH 0/9] json: Fix leak/double-free, clean up code and privatize virJSONValue
Daniel P. Berrangé
berrange at redhat.com
Tue Apr 3 10:56:33 UTC 2018
On Fri, Mar 30, 2018 at 12:59:07PM +0200, Peter Krempa wrote:
> Coverity was not wrong about the usage of 'a'/'A' modifiers for
> virJSONValueObjectAddVArgs as noted in [1]. Fix the possible
> leak/double-free, and add test to make sure it works as expected.
Do you have any idea how to trigger the double-free scenario ? In particular
is it something that a broken / malicious QEMU monitor / guest agent can
cause us todo. If so we'll need to request a CVE assignment for this flaw.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list