On Sun, May 02, 2021 at 12:13:50 +0200, Peter Krempa wrote:
> Commit 28a86993162f7d2f ( v6.9.0-179-g28a8699316 ) incorrectly replaced
> VIR_EXPAND_N by g_renew.
>
> VIR_EXPAND_N has these two extra effects apart from reallocating memory:
>
> 1) The newly allocated memory is zeroed out
> 2) The number of elements in the array which is passed to VIR_EXPAND_N
>    is increased.
>
> This comes into play when used with virDomainLeaseInsertPreAlloced,
> which expects that the array element count already includes the space
> for the added 'lease', by plainly just assigning to 'leases[nleases - 1'

s/1/1]/

> Since g_renew does not increase the number of elements in the array
> any existing code which calls virDomainLeaseInsertPreAlloced thus either
> overwrites a lease definition or corrupts the heap if there are no
> leases to start with.
>
> To preserve existing functionality we revert the code back to using
> VIR_EXPAND_N which at this point doesn't return any value, so other
> commits don't need to be reverted.

The second point could have been solved by passing ++def->nleases to
g_renew. But using VIR_EXPAND_N instead solves both issues and we have a
lot of places with VIR_EXPAND_N so we can fix them all at some point if we
want to drop this wrapper for some reason.

Reviewed-by: Jiri Denemark <jdenemar@xxxxxxxxxx>
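The two failure modes described in the commit message (overwriting an existing lease, or writing before the start of an empty array) are easy to reproduce with a small model of the affected code. The following is an added example, not libvirt's own code: `grow_expand_n` models what VIR_EXPAND_N does (realloc, zero the new slots, bump the count), `grow_renew` models the regressed g_renew call (realloc only), and `insert_prealloced` models virDomainLeaseInsertPreAlloced's `leases[nleases - 1]` assignment. The `Lease`/`DomainDef` types and the `capacity` field are assumptions made for this demo; `capacity` in particular does not exist in libvirt and is only there so the out-of-bounds write can be reported instead of corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Demo-only model of a lease definition and the def that owns them. */
typedef struct {
    const char *key;
} Lease;

typedef struct {
    Lease **leases;
    size_t nleases;   /* element count, as def->nleases in libvirt */
    size_t capacity;  /* demo-only instrumentation: slots actually allocated */
} DomainDef;

/* Model of VIR_EXPAND_N(def->leases, def->nleases, add): reallocate,
 * zero the new slots and increase the element count. 0 on success, -1 on OOM. */
static int grow_expand_n(DomainDef *def, size_t add)
{
    Lease **tmp = realloc(def->leases, (def->nleases + add) * sizeof(*tmp));
    if (!tmp)
        return -1;
    memset(tmp + def->nleases, 0, add * sizeof(*tmp));
    def->leases = tmp;
    def->nleases += add;
    def->capacity = def->nleases;
    return 0;
}

/* Model of the regressed call, g_renew(..., def->leases, def->nleases + 1):
 * the allocation grows, but def->nleases is left untouched and the new slot
 * is not zeroed. 0 on success, -1 on OOM. */
static int grow_renew(DomainDef *def)
{
    Lease **tmp = realloc(def->leases, (def->nleases + 1) * sizeof(*tmp));
    if (!tmp)
        return -1;
    def->leases = tmp;
    def->capacity = def->nleases + 1;
    return 0;
}

/* Model of virDomainLeaseInsertPreAlloced: the caller is expected to have
 * already grown nleases to include the new element, so the lease is stored
 * at leases[nleases - 1]. Returns the slot written, or -1 when that slot is
 * outside the allocation (the real code would write there and corrupt the heap). */
static long insert_prealloced(DomainDef *def, Lease *lease)
{
    size_t idx = def->nleases - 1;   /* wraps to SIZE_MAX when nleases == 0 */
    if (def->nleases == 0 || idx >= def->capacity)
        return -1;
    def->leases[idx] = lease;
    return (long)idx;
}

/* Correct sequence (VIR_EXPAND_N then insert). Returns the index written. */
static long add_lease_expand_n(DomainDef *def, Lease *lease)
{
    if (grow_expand_n(def, 1) < 0)
        return -1;
    return insert_prealloced(def, lease);
}

/* Regressed sequence (g_renew then insert). Returns the index written,
 * which is either a stale slot (overwrite) or -1 (would be heap corruption). */
static long add_lease_renew(DomainDef *def, Lease *lease)
{
    if (grow_renew(def) < 0)
        return -1;
    return insert_prealloced(def, lease);
}

int main(void)
{
    Lease a = { "lease-a" }, b = { "lease-b" };   /* constructed sample leases */

    DomainDef good = { 0 };
    printf("expand_n: slot %ld, slot %ld, nleases=%zu\n",
           add_lease_expand_n(&good, &a), add_lease_expand_n(&good, &b), good.nleases);

    DomainDef empty = { 0 };
    printf("renew on empty array: slot %ld (would write leases[-1])\n",
           add_lease_renew(&empty, &a));

    DomainDef one = { 0 };
    add_lease_expand_n(&one, &a);
    printf("renew with one lease: slot %ld, leases[0] is now %s, nleases=%zu\n",
           add_lease_renew(&one, &b), one.leases[0]->key, one.nleases);

    free(good.leases);
    free(empty.leases);
    free(one.leases);
    return 0;
}
```

The second scenario is the "corrupts the heap" case: with `nleases == 0` the index wraps and the real code writes one pointer-size before the buffer. The third is the "overwrites a lease definition" case: `leases[0]` silently changes from `lease-a` to `lease-b` and the count never grows, so the old definition is both leaked and lost.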