Re: [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/08/2013 10:48 AM, Alex Jia wrote:
> Valgrind defects memory error:
> 
> ==16759== 1 errors in context 1 of 8:
> ==16759== Invalid free() / delete / delete[] / realloc()
> ==16759==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==16759==    by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
> ==16759==    by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
> ==16759==    by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
> ==16759==    by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
> ==16759==    by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
> ==16759==    by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
> ==16759==    by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
> ==16759==    by 0x13127A: cmdStart (virsh-domain.c:3376)
> ==16759==    by 0x12BF83: vshCommandRun (virsh.c:1751)
> ==16759==    by 0x126FFB: main (virsh.c:3205)
> ==16759==  Address 0xe1394a0 is not stack'd, malloc'd or (recently) free'd
> 
> ==16759== 1 errors in context 2 of 8:
> ==16759== Conditional jump or move depends on uninitialised value(s)
> ==16759==    at 0x4A07477: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==16759==    by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
> ==16759==    by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
> ==16759==    by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
> ==16759==    by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
> ==16759==    by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
> ==16759==    by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
> ==16759==    by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
> ==16759==    by 0x13127A: cmdStart (virsh-domain.c:3376)
> ==16759==    by 0x12BF83: vshCommandRun (virsh.c:1751)
> ==16759==    by 0x126FFB: main (virsh.c:3205)
> ==16759==  Uninitialised value was created by a stack allocation
> ==16759==    at 0x4D7F120: remoteDomainCreateWithFlags (remote_driver.c:2423)
> 
> How to reproduce?
> 
> # virsh start <domain> --paused
> 
> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=994855
> 
> 
> Signed-off-by: Alex Jia <ajia@xxxxxxxxxx>
> ---
>  src/remote/remote_driver.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index f828eef..71d0034 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c
> @@ -2431,6 +2431,7 @@ remoteDomainCreateWithFlags(virDomainPtr dom, unsigned int flags)
>      make_nonnull_domain(&args.dom, dom);
>      args.flags = flags;
>  
> +    memset(&ret, 0, sizeof(ret));
>      if (call(dom->conn, priv, 0, REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS,
>               (xdrproc_t)xdr_remote_domain_create_with_flags_args, (char *)&args,
>               (xdrproc_t)xdr_remote_domain_create_with_flags_ret, (char *)&ret) == -1) {
> 

ACK.

I wonder whether we could de-duplicate this since all similar functions
call this, but call() doesn't know the structure size :(

Martin

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]