On 10/24/2014 01:01 PM, Shanzhi Yu wrote: > When split uri->scheme into two strings with "+", the second one will be s/split/splitting/ > "rdma://server/..", pass it to virStorageNetHostTransportTypeFromString > will lead libvirtd crash. So a second virStringSplit call is needed. Can you show the FULL string that is being passed into this function, and not just the string after the first split on '+'? That is, showing an easy formula of how to reproduce the bug makes it easier to know if the solution is right. > > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1156288 You have to assume that not everyone will click through this link. > Signed-off-by: Shanzhi Yu <shyu@xxxxxxxxxx> > --- > src/util/virstoragefile.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c > index 960aa23..795c188 100644 > --- a/src/util/virstoragefile.c > +++ b/src/util/virstoragefile.c > @@ -2144,6 +2144,9 @@ virStorageSourceParseBackingURI(virStorageSourcePtr src, > goto cleanup; > } > > + if (!(scheme = virStringSplit(scheme[1], ":", 2))) Ouch. Memory leak. You are overwriting the contents of malloc'd scheme with a new pointer. You'll need to send a v2. > + goto cleanup; > + > if (scheme[1] && > (src->hosts->transport = virStorageNetHostTransportTypeFromString(scheme[1])) < 0) { > virReportError(VIR_ERR_INTERNAL_ERROR, > -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list