Hi Xend_parse_sexp_desc() of xend_internal.c declares a variable named "ret" to buffer SXP. However, it actually uses "buf.content" not "ret" and allocates memory to "buf" when size of "ret" became insufficient. --> virBufferAdd(&buf, ...);, virBufferVSprintf(&buf, ...) So freeing "ret" fails, because "ret" refers to an address unlike "buf.contents" As a result, a segmentation fault occurs. This patch fixes so that xend_parse_sexp_desc() uses "buf.contents" not "ret". Signed-off-by: Masayuki Sunou <fj1826dm@xxxxxxxxxxxxxxxxx> Thanks, Masayuki Sunou.
--------------------------------------------------------------------------------
Index: src/xend_internal.c
===================================================================
RCS file: /data/cvs/libvirt/src/xend_internal.c,v
retrieving revision 1.135
diff -u -p -r1.135 xend_internal.c
--- src/xend_internal.c 21 Aug 2007 09:31:12 -0000 1.135
+++ src/xend_internal.c 27 Aug 2007 07:47:03 -0000
@@ -1346,7 +1346,6 @@ xend_parse_sexp_desc_os(virConnectPtr xe
 static char *
 xend_parse_sexp_desc(virConnectPtr conn, struct sexpr *root, int xendConfigVersion)
 {
- char *ret;
 struct sexpr *cur, *node;
 const char *tmp;
 char *tty;
@@ -1362,10 +1361,9 @@ xend_parse_sexp_desc(virConnectPtr conn,
 /* ERROR */
 return (NULL);
 }
- ret = malloc(4000);
- if (ret == NULL)
+ buf.content = malloc(4000);
+ if (buf.content == NULL)
 return (NULL);
- buf.content = ret;
 buf.size = 4000;
 buf.use = 0;
@@ -1762,11 +1760,11 @@ xend_parse_sexp_desc(virConnectPtr conn,
 virBufferAdd(&buf, "</domain>\n", 10);
 buf.content[buf.use] = 0;
- return (ret);
+ return (buf.content);
 error:
- if (ret != NULL)
- free(ret);
+ if (buf.content != NULL)
+ free(buf.content);
 return (NULL);
 }
--------------------------------------------------------------------------------
-- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
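Review bot: The allocation in the second hunk (`buf.content = malloc(4000);`) is now owned only through `buf`, and nothing at this site records why the pointer must not be cached in a local again. According to the commit description the buffer helpers reallocate `buf.content` when it fills, which is what left the old `ret` copy stale, so a comment such as `/* buf.content may be moved by virBufferAdd()/virBufferVSprintf(); always re-read it from buf */` above the malloc would keep the alias from coming back. The literal 4000 also appears twice (the malloc and `buf.size = 4000;`); a single named constant would keep the recorded size and the real allocation from drifting apart. The function body starts before and continues after this hunk.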
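Review bot: In the last hunk the result of `virBufferAdd(&buf, "</domain>\n", 10);` is discarded right before `return (buf.content);`, so a failed grow would presumably hand the caller a truncated document as if it were complete. If virBufferAdd reports failure through its return value (its declaration is not visible here), `if (virBufferAdd(&buf, "</domain>\n", 10) < 0) goto error;` would route that case to the cleanup path. In the `error:` block the `if (buf.content != NULL)` guard is redundant because free(NULL) is a no-op; `free(buf.content);` alone is enough. The cleanup also assumes every `goto error` is reached only after `buf.content` has been assigned, which cannot be confirmed from this hunk since the function starts outside it.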