I noticed a new test failure on rawhide,
ran valgrind ./qemuxml2xmltest and got this:

==14847== Invalid free() / delete / delete[]
==14847==    at 0x4A0609F: free (vg_replace_malloc.c:323)
==14847==    by 0x409DF8: qemudParseXML (qemu_conf.c:2149)
==14847==    by 0x40CBE0: qemudParseVMDef (qemu_conf.c:2982)
==14847==    by 0x4021CD: testCompareXMLToXMLFiles (qemuxml2xmltest.c:35)
==14847==    by 0x4022EA: testCompareXMLToXMLHelper (qemuxml2xmltest.c:68)
==14847==    by 0x40291B: virtTestRun (testutils.c:79)
==14847==    by 0x402436: main (qemuxml2xmltest.c:100)
==14847==  Address 0x4cd3d68 is 0 bytes inside a block of size 72 free'd
==14847==    at 0x4A0609F: free (vg_replace_malloc.c:323)
==14847==    by 0x408731: qemudParseXML (qemu_conf.c:1738)
==14847==    by 0x40CBE0: qemudParseVMDef (qemu_conf.c:2982)
==14847==    by 0x4021CD: testCompareXMLToXMLFiles (qemuxml2xmltest.c:35)
==14847==    by 0x4022EA: testCompareXMLToXMLHelper (qemuxml2xmltest.c:68)
==14847==    by 0x40291B: virtTestRun (testutils.c:79)
==14847==    by 0x402436: main (qemuxml2xmltest.c:100)

Here's the fix:

>From 777e199f2d680ec302b7604e030a41da2c62cb49 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@xxxxxxxxxx>
Date: Fri, 16 May 2008 08:18:31 +0200
Subject: [PATCH] avoid a double-free bug

* src/qemu_conf.c (qemudParseXML): Ensure that "obj" is
either NULL or a valid malloc'd pointer before we might "goto error"
where it is freed.
---
diff --git a/src/qemu_conf.c b/src/qemu_conf.c index 458f5df..1a7ab46 100644 --- a/src/qemu_conf.c +++ b/src/qemu_conf.c @@ -1736,6 +1736,7 @@ static struct qemud_vm_def *qemudParseXML(virConnectPtr conn, } else { strcpy(def->os.type, (const char *)obj->stringval); xmlXPathFreeObject(obj); + obj = NULL; } if (!virCapabilitiesSupportsGuestOSType(driver->caps, def->os.type)) {
--
1.5.5.1.249.g26848

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
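
Review bot: The `obj = NULL;` reset after `xmlXPathFreeObject(obj);` is added only in the `else` branch of this hunk, so the invariant stated in the commit message (that "obj" is NULL or a valid pointer whenever "goto error" can run) still depends on every other free of `obj` in qemudParseXML doing the same, and the branch before `} else {` is not visible here to confirm it. I would check each remaining `xmlXPathFreeObject(obj)` call in the function for a missing reset, or fold the free and the reset into one free-and-clear helper so the pairing cannot be forgotten at the next call site. Separately, the context line `strcpy(def->os.type, (const char *)obj->stringval);` copies a string taken from the parsed XML with no length check visible in this hunk; if none exists above it, a bounded copy that reports an over-long OS type as an error would be safer.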