Re: [PATCH v2] Set the number of elements 0 in virNetwork*Clear

Michal Privoznik <mprivozn@xxxxxxxxxx> · Fri, 26 Jul 2013 13:00:34 +0200



On 26.07.2013 12:54, Ján Tomko wrote:
> Decrementing it when it was already 0 causes an invalid free
> in virNetworkDefUpdateDNSHost if virNetworkDNSHostDefParseXML
> fails and virNetworkDNSHostDefClear gets called twice.
> 
> virNetworkForwardDefClear left the number untouched even if it
> freed all the elements.
> ---
>  src/conf/network_conf.c | 21 +++++++++++----------
>  1 file changed, 11 insertions(+), 10 deletions(-)
> 
> diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
> index d616e12..490b04d 100644
> --- a/src/conf/network_conf.c
> +++ b/src/conf/network_conf.c
> @@ -134,8 +134,8 @@ virNetworkIpDefClear(virNetworkIpDefPtr def)
>      VIR_FREE(def->family);
>      VIR_FREE(def->ranges);
>  
> -    while (def->nhosts--)
> -        virNetworkDHCPHostDefClear(&def->hosts[def->nhosts]);
> +    while (def->nhosts)
> +        virNetworkDHCPHostDefClear(&def->hosts[--def->nhosts]);
>  
>      VIR_FREE(def->hosts);
>      VIR_FREE(def->tftproot);
> @@ -158,8 +158,8 @@ virNetworkDNSTxtDefClear(virNetworkDNSTxtDefPtr def)
>  static void
>  virNetworkDNSHostDefClear(virNetworkDNSHostDefPtr def)
>  {
> -    while (def->nnames--)
> -        VIR_FREE(def->names[def->nnames]);
> +    while (def->nnames)
> +        VIR_FREE(def->names[--def->nnames]);
>      VIR_FREE(def->names);
>  }
>  
> @@ -176,18 +176,18 @@ static void
>  virNetworkDNSDefClear(virNetworkDNSDefPtr def)
>  {
>      if (def->txts) {
> -        while (def->ntxts--)
> -            virNetworkDNSTxtDefClear(&def->txts[def->ntxts]);
> +        while (def->ntxts)
> +            virNetworkDNSTxtDefClear(&def->txts[--def->ntxts]);
>          VIR_FREE(def->txts);
>      }
>      if (def->hosts) {
> -        while (def->nhosts--)
> -            virNetworkDNSHostDefClear(&def->hosts[def->nhosts]);
> +        while (def->nhosts)
> +            virNetworkDNSHostDefClear(&def->hosts[--def->nhosts]);
>          VIR_FREE(def->hosts);
>      }
>      if (def->srvs) {
> -        while (def->nsrvs--)
> -            virNetworkDNSSrvDefClear(&def->srvs[def->nsrvs]);
> +        while (def->nsrvs)
> +            virNetworkDNSSrvDefClear(&def->srvs[--def->nsrvs]);
>          VIR_FREE(def->srvs);
>      }
>  }
> @@ -206,6 +206,7 @@ virNetworkForwardDefClear(virNetworkForwardDefPtr def)
>          virNetworkForwardIfDefClear(&def->ifs[i]);
>      }
>      VIR_FREE(def->ifs);
> +    def->nifs = def->npfs = 0;
>  }
>  
>  void
> 

ACK

Michal

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list