On Fri, Mar 30, 2018 at 12:59:07PM +0200, Peter Krempa wrote: > Coverity was not wrong about the usage of 'a'/'A' modifiers for > virJSONValueObjectAddVArgs as noted in [1]. Fix the possible > leak/double-free, and add test to make sure it works as expected. Do you have any idea how to trigger the double-free scenario ? In particular is it something that a broken / malicious QEMU monitor / guest agent can cause us todo. If so we'll need to request a CVE assignment for this flaw. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
