On Mon, Aug 27, 2007 at 05:37:29PM +0900, Masayuki Sunou wrote:
> Hi
>
> Xend_parse_sexp_desc() of xend_internal.c declares a variable named
> "ret" to buffer SXP.
> However, it actually uses "buf.content" not "ret" and allocates memory
> to "buf" when size of "ret" became insufficient.
>  --> virBufferAdd(&buf, ...);, virBufferVSprintf(&buf, ...)
> So freeing "ret" fails, because "ret" refers to an address unlike "buf.contents"
> As a result, a segmentation fault occurs.
>
> This patch fixes so that xend_parse_sexp_desc() uses "buf.contents" not "ret".

Oh, right, that's fairly nasty, and will occur only if the size of the
XML grows over 4kB! I tried to look for other patterns like that in the
code but hopefully that's the only place where this was done.
Thanks a lot for the patch, applied and committed!

Daniel

--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard@xxxxxxxxxx  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/
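
Added example, not part of the original thread and not libvirt code: a small C sketch of the ownership pattern discussed above, where a growable buffer relocates its storage once the content passes the initial 4 kB and only the buffer's own pointer may be returned or freed. The names `struct gbuf`, `gbuf_add` and `build_desc` are hypothetical stand-ins for virBuffer and xend_parse_sexp_desc(), and the sample XML fragment is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer standing in for libvirt's virBuffer. */
struct gbuf { char *content; size_t use, size; };

/* Append len bytes. Growth allocates a new block before releasing the old
 * one, so any saved copy of the old pointer is stale afterwards. */
static int gbuf_add(struct gbuf *b, const char *s, size_t len)
{
    if (b->use + len + 1 > b->size) {
        size_t nsize = (b->use + len + 1) * 2;
        char *n = malloc(nsize);
        if (n == NULL) return -1;
        memcpy(n, b->content, b->use);
        free(b->content);
        b->content = n;
        b->size = nsize;
    }
    memcpy(b->content + b->use, s, len);
    b->use += len;
    b->content[b->use] = '\0';
    return 0;
}

/* Build at least min_len bytes starting from an init_size allocation.
 * Returns the heap string (caller frees) or NULL. *moved is 1 when the
 * storage was relocated, i.e. when free() on the initial "ret" pointer
 * would have hit memory the buffer had already released. */
char *build_desc(size_t init_size, size_t min_len, int *moved)
{
    static const char chunk[] = "<disk type='file'/>"; /* constructed sample */
    struct gbuf buf;
    char *ret = malloc(init_size);       /* initial allocation, like "ret" */
    if (ret == NULL) return NULL;
    uintptr_t initial = (uintptr_t)ret;  /* keep the address for comparison only */
    ret[0] = '\0';
    buf.content = ret; buf.use = 0; buf.size = init_size;
    ret = NULL;                          /* drop the alias: buf owns the memory */

    while (buf.use < min_len) {
        if (gbuf_add(&buf, chunk, sizeof(chunk) - 1) < 0) {
            free(buf.content);           /* error path frees the live pointer */
            return NULL;
        }
    }
    *moved = ((uintptr_t)buf.content != initial);
    return buf.content;                  /* return the live pointer, not the alias */
}
```

With a 4096-byte initial allocation, a short description leaves the storage in place, which is why a stale alias goes unnoticed until the output exceeds that size.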