Eric Blake wrote:
> On 05/07/2012 01:29 PM, Jim Meyering wrote:
>> Investigating a build problem reported by Laine,
>> I was surprised to see "make check" fail on F17 due to a
>> glibc invalid free abort. Ok to push to master?
>>
>>>From 61a559e0b2f4bded3059c5be7c958e2276f7fd16 Mon Sep 17 00:00:00 2001
>> From: Jim Meyering <meyering@xxxxxxxxxx>
>> Date: Mon, 7 May 2012 21:22:09 +0200
>> Subject: [PATCH] virsh: avoid heap corruption leading to virsh abort
>>
>> * tools/virsh.c (vshParseSnapshotDiskspec): Fix off-by-3 memmove
>> that would corrupt heap when parsing escaped --diskspec comma.
>> Bug introduced via commit v0.9.4-260-g35d52b5.
>> ---
>> tools/virsh.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/tools/virsh.c b/tools/virsh.c
>> index 1207ac9..dd9292a 100644
>> --- a/tools/virsh.c
>> +++ b/tools/virsh.c
>> @@ -16107,7 +16107,7 @@ vshParseSnapshotDiskspec(vshControl *ctl, virBufferPtr buf, const char *str)
>> while ((tmp = strchr(tmp, ','))) {
>> if (tmp[1] == ',') {
>> /* Recognize ,, as an escape for a literal comma */
>> - memmove(&tmp[1], &tmp[2], len - (tmp - spec) + 2);
>> + memmove(&tmp[1], &tmp[2], len - (tmp - spec) - 2 + 1);
>
> ACK.
Thanks for the quick review. Pushed.
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list