Re: [PATCH] Delete a harmful variable in xend_parse_sexp_desc()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Aug 27, 2007 at 05:37:29PM +0900, Masayuki Sunou wrote:
> Hi
> 
> Xend_parse_sexp_desc() of xend_internal.c declares a variable named
> "ret" to buffer SXP.
> However, it actually uses "buf.content" not "ret" and allocates memory
> to "buf" when size of "ret" became insufficient. 
>  --> virBufferAdd(&buf, ...);, virBufferVSprintf(&buf, ...)
> So freeing "ret" fails, because "ret" refers to an address unlike "buf.contents"
> As a result, a segmentation fault occurs.
> 
> This patch fixes so that xend_parse_sexp_desc() uses "buf.contents" not "ret".

  Oh, right, that's fairly nasty, and will occur only if the size of
the XML grow over 4kB ! I tried to look for other patterns like that in
the code but hopefully that's the only place where this was done.
  Thanks a lot for the patch, applied and commited !

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard@xxxxxxxxxx  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]