[Libguestfs] [PATCH] daemon: Don't xdr_free uninitialized args struct on error paths.

[Richard W.M. Jones]

From: "Richard W.M. Jones" <rjones at redhat.com>

For stubs of functions that had arguments, code did this:

static void
mount_stub (XDR *xdr_in)
{
  int r;
  struct guestfs_mount_args args;

  if (optargs_bitmask != 0) {
    //...
    goto done;
  }
  // possibly other tests here

  memset (&args, 0, sizeof args);

  [...]

done:
  xdr_free ((xdrproc_t) xdr_guestfs_mount_args, (char *) &args);
  return;
}

This caused xdr_free to be called on uninitialized 'args' struct,
causing a segfault.

The fix is to add another label, so the code looks like:

static void
mount_stub (XDR *xdr_in)
{
  int r;
  struct guestfs_mount_args args;

  if (optargs_bitmask != 0) {
    //...
    goto done_no_free;
  }
  // possibly other tests here

  memset (&args, 0, sizeof args);

  [...]

done:
  xdr_free ((xdrproc_t) xdr_guestfs_mount_args, (char *) &args);
done_no_free:
  return;
}

This fixes commit 330fbea5b2d6bd7db84f7ea7afe87cf1bcd438e0
and commit 0344248af55802bbbd816b349ec1ba9305996f6e.
---
 generator/generator_daemon.ml |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/generator/generator_daemon.ml b/generator/generator_daemon.ml
index 0eb2446..8c96061 100644
--- a/generator/generator_daemon.ml
+++ b/generator/generator_daemon.ml
@@ -136,7 +136,7 @@ and generate_daemon_actions () =
           pr "                      \"build of libguestfs.  Read 'AVAILABILITY' in the guestfs(3) man page for\\n\"\n";
           pr "                      \"how to check for the availability of features.\",\n";
           pr "                      \"%s\");\n" group;
-          pr "    goto done;\n";
+          pr "    goto done_no_free;\n";
           pr "  }\n";
           pr "\n"
         | _ -> ()
@@ -154,14 +154,14 @@ and generate_daemon_actions () =
         if is_filein then
           pr "    cancel_receive ();\n";
         pr "    reply_with_error (\"unknown option in optional arguments bitmask (this can happen if a program is compiled against a newer version of libguestfs, then run against an older version of the daemon)\");\n";
-        pr "    goto done;\n";
+        pr "    goto done_no_free;\n";
         pr "  }\n";
       ) else (
         pr "  if (optargs_bitmask != 0) {\n";
         if is_filein then
           pr "    cancel_receive ();\n";
         pr "    reply_with_error (\"header optargs_bitmask field must be passed as 0 for calls that don't take optional arguments\");\n";
-        pr "    goto done;\n";
+        pr "    goto done_no_free;\n";
         pr "  }\n";
       );
       pr "\n";
@@ -339,6 +339,7 @@ and generate_daemon_actions () =
            pr "  xdr_free ((xdrproc_t) xdr_guestfs_%s_args, (char *) &args);\n"
              name
       );
+      pr "done_no_free:\n";
       pr "  return;\n";
       pr "}\n\n";
   ) daemon_functions;
-- 
1.7.9