On 18.10.2012 17:02, Jiri Denemark wrote:
> On Thu, Oct 18, 2012 at 16:44:24 +0200, Michal Privoznik wrote:
>> which frees all allocated memory but doesn't set the passed pointer to
>> NULL. Therefore, we must do it ourselves. This is causing actual
>> libvirtd crash: Basically, when doing 'virsh net-edit' the newDef should
>> be dropped. And the memory is freed, indeed. However, the pointer is
>> not set to NULL but kept instead. And the next duo of calls 'virsh
>> net-start' and 'virsh net-destroy' starts the disaster. The latter one
>> does the same as 'virsh destroy'; it sees that newDef is nonNULL so it
>> replaces def with newDef (which has been freed already as said a few
>> lines above). Therefore any subsequent call accessing def will hit the ground.
>> ---
>> src/conf/network_conf.c | 3 ++-
>> 1 files changed, 2 insertions(+), 1 deletions(-)
>>
>> diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
>> index 891d48c..0f7470d 100644
>> --- a/src/conf/network_conf.c
>> +++ b/src/conf/network_conf.c
>> @@ -260,8 +260,9 @@ virNetworkObjAssignDef(virNetworkObjPtr network,
>> return -1;
>> }
>> } else if (!live) {
>> - virNetworkDefFree(network->newDef); /* should be unnecessary */
>> + virNetworkDefFree(network->newDef);
>> virNetworkDefFree(network->def);
>> + network->newDef = NULL;
>> network->def = def;
>> } else {
>> virReportError(VIR_ERR_OPERATION_INVALID,
>
> ACK
>
> Jirka
>
Thanks, pushed.
Michal
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list