On 16.6.2014 17:21, Peter Krempa wrote: s/leasehelper/leaseshelper/ in subject > When copying entries from the old lease file into the new array the old > code would copy the pointer of the json object into the second array > without removing it from the first. Afterwards when both arrays were > freed this might lead to a crash due to access of already freed memory. > > Refactor the code to use the new array item stealing helper added to the > json code so that the entry resides just in one array. > --- > src/network/leaseshelper.c | 79 +++++++++++++++++++++++++--------------------- > 1 file changed, 43 insertions(+), 36 deletions(-) > [..] > - /* Check whether lease has to be included or not */ > - if (delete && STREQ(ip_tmp, ip)) > - continue; > + /* Move old lease to new array */ > + lease_tmp = virJSONValueArraySteal(leases_array, i); There is a possible memory leak if the append fails. Probably move this function after the successful append and ignore the return value. > > - /* Add old lease to new array */ > - if (virJSONValueArrayAppend(leases_array_new, lease_tmp) < 0) { > - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", > - _("failed to create json")); > - goto cleanup; > + if (virJSONValueArrayAppend(leases_array_new, lease_tmp) < 0) { > + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", > + _("failed to create json")); > + goto cleanup; > + } > + } > } > } > ACK with changes Pavel -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
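Review bot: On the failure branch of virJSONValueArrayAppend(leases_array_new, lease_tmp), the stolen lease_tmp is no longer owned by either array, so the goto cleanup path leaks it unless cleanup frees it explicitly; call virJSONValueFree(lease_tmp) before the goto, or have the cleanup label free it. The result of virJSONValueArraySteal(leases_array, i) is also handed to the append without a NULL check. Because stealing element i takes it out of leases_array while the loop is still indexing that array, the loop control in the part elided by [..] should be checked so that the entry that moves into position i is not skipped.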