On 05/07/2012 01:29 PM, Jim Meyering wrote:
> Investigating a build problem reported by Laine,
> I was surprised to see "make check" fail on F17 due to a
> glibc invalid free abort. Ok to push to master?
>
>>From 61a559e0b2f4bded3059c5be7c958e2276f7fd16 Mon Sep 17 00:00:00 2001
> From: Jim Meyering <meyering@xxxxxxxxxx>
> Date: Mon, 7 May 2012 21:22:09 +0200
> Subject: [PATCH] virsh: avoid heap corruption leading to virsh abort
>
> * tools/virsh.c (vshParseSnapshotDiskspec): Fix off-by-3 memmove
> that would corrupt heap when parsing escaped --diskspec comma.
> Bug introduced via commit v0.9.4-260-g35d52b5.
> ---
> tools/virsh.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/virsh.c b/tools/virsh.c
> index 1207ac9..dd9292a 100644
> --- a/tools/virsh.c
> +++ b/tools/virsh.c
> @@ -16107,7 +16107,7 @@ vshParseSnapshotDiskspec(vshControl *ctl, virBufferPtr buf, const char *str)
> while ((tmp = strchr(tmp, ','))) {
> if (tmp[1] == ',') {
> /* Recognize ,, as an escape for a literal comma */
> - memmove(&tmp[1], &tmp[2], len - (tmp - spec) + 2);
> + memmove(&tmp[1], &tmp[2], len - (tmp - spec) - 2 + 1);
ACK.
/me crawls in a hole for introducing that bug
--
Eric Blake eblake@xxxxxxxxxx +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list