On Tue, Jan 07, 2014 at 03:38:48PM -0500, Chris Lalancette wrote: > On Tue, Jan 7, 2014 at 3:24 PM, Guido Günther <agx@xxxxxxxxxxx> wrote: > > The vir*List* functions return the number of fetched entries. We mustn't > > free more, otherwise we'll crash like > > > > #0 0xb779d424 in __kernel_vsyscall () > > #1 0xb733981f in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 > > #2 0xb733ccd3 in __GI_abort () at abort.c:90 > > #3 0xb7376275 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0xb74767d0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:199 > > #4 0xb7380e52 in malloc_printerr (action=<optimized out>, str=<optimized out>, ptr=0xb7087000) at malloc.c:4923 > > #5 0xb7381b90 in _int_free (av=0xb74b7440 <main_arena>, p=0xb7086ff8, have_lock=0) at malloc.c:3779 > > #6 0xb75c059f in ruby_xfree () from /usr/lib/libruby-1.9.1.so.1.9 > > #7 0xb7076448 in ruby_libvirt_generate_list () from /usr/lib/ruby/vendor_ruby/1.9.1/i486-linux/_libvirt.so > > ... > > > > since we're trying to free random addresses. > > Hm, this is pretty weird. At all ruby_libvirt_generate_list() call > sites, there is a line of code that precedes it that checks for r < 0. > If r is less than 0, then we generate an exception, which means that > the code that follows should never be called, and thus we should never > need this patch. The check for < 0 might be superfluos but freeing num entries instead of only r ones looks wrong to me since r is the number of allocated names, not num. I'm happy to send a patch dropping the < 0 part. > Can you explain a bit more why this patch helps, and/or give me a test > case that will cause it to fail? I've been running test_nodedevice as non root which triggered this. Cheers, -- Guido > > Thanks, > Chris > -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list