The attached patch (taken from my modified Fedora 22 source rpm,
1.2.13.1-2.fc22, sorry), fixes a case where, in the test driver, memory
is accessed after it's freed.
Patch applies to latest git with:
Hunk #1 succeeded at 4395 (offset -469 lines).
The illegal access was found using valgrind.
The function testStoragePoolUndefine() calls virStoragePoolObjRemove()
(which seems to free the memory for that pool structure) and then in the
cleanup stanza calls virStoragePoolObjUnlock() which tampers with the
freed structure.
--
Thanks,
David Mansfield
From: David Mansfield <dmansfield@xxxxxxxxx>
Date: Tue, 15 Sep 2015 10:05:56 -0400
Subject: [PATCH] test driver: don't unlock pool after freeing it
The test driver was unlocking the pool object after it had been
freed causing memory corruption.
diff --git a/src/test/test_driver.c b/src/test/test_driver.c
index a386270..c2256dc 100644
--- a/src/test/test_driver.c
+++ b/src/test/test_driver.c
@@ -4864,8 +4864,10 @@ testStoragePoolUndefine(virStoragePoolPtr pool)
ret = 0;
cleanup:
- if (privpool)
- virStoragePoolObjUnlock(privpool);
+ // privpool cannot be unlocked because memory for it has been
+ // freed by the virStoragePoolObjRemove call above
+ // if (privpool)
+ // virStoragePoolObjUnlock(privpool);
testDriverUnlock(privconn);
return ret;
}
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list