Re: [PATCH v3 1/4] qemu: Fix segfault when parsing private domain data

On Thu, Aug 13, 2015 at 09:04:52AM -0400, John Ferlan wrote:


On 08/13/2015 04:18 AM, Martin Kletzander wrote:
When parsing private domain data, there are two paths that are flawed.
They are both error paths, just from different parts of the function.
One of them can call free() on an uninitialized pointer.  Initialization
to NULL is enough here.  The other one is a bit trickier to explain, but
as easy as the first one to fix.  We create capabilities, parse them and
then assign them into the private data pointer inside the domain object.
If, however, we get to fail from now on, the error path unrefs the
capabilities and then, when the domain object is being cleaned,
qemuDomainObjPrivateFree() tries to unref them as well.  That causes a
segfault.  Settin the pointer to NULL upon successful addition to the

s/Settin/Setting

private data is enough.

Signed-off-by: Martin Kletzander <mkletzan@xxxxxxxxxx>
---
 src/qemu/qemu_domain.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


Could have been 2 patches though to fix 2 different bugs...

Good catch on the second one - that was well hidden...

John

(and I see Jan's ACK'd the whole series - so whether this gets to you in
time or not relies on the speed of email)


And the period I have set for retrieving emails.  Sorry, I just pushed
it.  I thought some would hate that I'm sending two lines as two
commits, but I have no problem splitting even these next time :)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index abf52c9c38fa..8fe7c75d19c9 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -627,7 +627,7 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt,
 {
     qemuDomainObjPrivatePtr priv = vm->privateData;
     char *monitorpath;
-    char *tmp;
+    char *tmp = NULL;
     int n;
     size_t i;
     xmlNodePtr *nodes = NULL;
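Review bot: `char *monitorpath;` on the line directly above the changed declaration is still left uninitialized, while `tmp` and `nodes` are now both set to NULL at declaration. Since the commit message says an error path can call free() on an uninitialized pointer, please confirm that no cleanup path in this function frees `monitorpath` before it is assigned, or initialize it to NULL here as well so that every pointer local starts in a known state.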
@@ -715,6 +715,7 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt,
         }

         priv->qemuCaps = qemuCaps;
+        qemuCaps = NULL;
     }
     VIR_FREE(nodes);

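Review bot: The new `qemuCaps = NULL;` after `priv->qemuCaps = qemuCaps;` is an ownership transfer that is not obvious from the code alone, so it deserves a one-line comment saying that the reference now belongs to `priv` and that the local is cleared to keep the error path from dropping it a second time. The fix also relies on the error path's unref of `qemuCaps` being safe to call with NULL, which is outside the visible context and worth confirming. As noted in the thread, this is a separate bug from the `tmp` initialization and would be easier to backport as its own commit.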