Re: [PATCH] daemon: Fix crash in virTypedParameterArrayClear

On Mon, Jul 30, 2012 at 22:52:23 +0800, Osier Yang wrote:
> >> On 2012-07-30 19:55, Jiri Denemark wrote:
> >>> Daemon uses the following pattern when dispatching APIs with typed
> >>> parameters:
> >>>
> >>>       VIR_ALLOC_N(params, nparams);
> >>>       virDomain*(dom, params, &nparams, flags);
> >>>       virTypedParameterArrayClear(params, nparams);
> >>>
> >>> In case nparams was originally set to 0, virDomain* API would fill it
> >>> with the number of typed parameters it can provide and we would use this
> >>> number (rather than zero) to clear params. Because VIR_ALLOC* returns
> >>> non-NULL pointer even if size is 0, the code would end up walking
> >>> through random memory. If we were lucky enough and the memory contained
> >>> 7 (VIR_TYPED_PARAM_STRING) at the right place, we would try to free a
> >>> random pointer and crash.
> >>>
> >>> Let's make sure params stays NULL when nparams is 0.
> >>>
> Makes sense, ACK.

Pushed, thanks.

Jirka

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
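
The dispatch pattern from the quoted commit message, sketched as an added example (not libvirt code and not part of the original thread). `param_t`, `mock_get_params`, `params_clear`, `dispatch` and `SUPPORTED` are hypothetical stand-ins; only the value 7 for the string type comes from the message.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for libvirt's typed parameters (assumed, not libvirt code).
 * 7 is VIR_TYPED_PARAM_STRING; SUPPORTED is a constructed parameter count. */
enum { PARAM_STRING = 7, SUPPORTED = 3 };
typedef struct { int type; char *s; } param_t;

/* Mock virDomain*-style getter: with *nparams == 0 it only reports a count. */
static int mock_get_params(param_t *params, int *nparams)
{
    if (*nparams == 0) { *nparams = SUPPORTED; return 0; }
    if (*nparams > SUPPORTED) *nparams = SUPPORTED;
    for (int i = 0; i < *nparams; i++) {
        params[i].type = PARAM_STRING;
        if (!(params[i].s = malloc(sizeof "constructed"))) return -1;
        strcpy(params[i].s, "constructed");
    }
    return 0;
}

/* NULL-safe clear: frees string values in the first n entries, returns the count. */
static int params_clear(param_t *params, int n)
{
    int freed = 0;
    if (!params) return 0;
    for (int i = 0; i < n; i++)
        if (params[i].type == PARAM_STRING) { free(params[i].s); freed++; }
    return freed;
}

/* Dispatch with the fix: params stays NULL when 0 entries were requested, so the
 * count the API writes back cannot drive a walk over a zero-sized allocation. */
static int dispatch(int requested, int *reported)
{
    param_t *params = NULL;
    int nparams = requested, rc, freed;
    if (requested < 0) return -1;
    if (requested > 0 && !(params = calloc((size_t)requested, sizeof(*params)))) return -1;
    rc = mock_get_params(params, &nparams);
    *reported = nparams;
    freed = params_clear(params, nparams);
    free(params);
    return rc < 0 ? -1 : freed;
}

int main(void)
{
    int reported = 0;
    return dispatch(0, &reported) == 0 && reported == SUPPORTED ? 0 : 1;
}
```

With `requested == 0` the mock still writes 3 into `nparams`, which is the count the pre-fix code would have used to walk a buffer that held no entries.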


