[Libguestfs] [nbdkit PATCH] nbd: Fix memory leak
Eric Blake
eblake at redhat.com
Sat Dec 2 21:03:49 UTC 2017
On 12/02/2017 12:21 PM, Richard W.M. Jones wrote:
> On Sat, Dec 02, 2017 at 11:52:31AM -0600, Eric Blake wrote:
>> When converting from a single transaction to a linked list, I
>> forgot to free the storage for each member of the list.
>>
>> Reported-by: Richard W.M. Jones <rjones at redhat.com>
>> Fixes: 7f5bb9bf13f041ea7702bda557d9dd668bc3423a
>> Signed-off-by: Eric Blake <eblake at redhat.com>
>> ---
>>
>> I'm still not sure why 'make check' passes while 'make check-valgrind'
>> fails for TESTS=test-nbd, but this at least avoids the memory leak.
>>
>> *fd = trans->u.fds[1];
>> + free (trans);
>> switch (be32toh (rep.error)) {
>> case NBD_SUCCESS:
>> if (trans->buf && read_full (h->fd, trans->buf, trans->count) < 0)
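Review bot: the new `free (trans);` is placed before the `switch`, but the `NBD_SUCCESS` case still dereferences `trans->buf` and `trans->count`, so this turns the leak into a use-after-free on the same lines (it is the invalid read valgrind reports further down). Copy the fields the rest of the function needs into locals (`void *buf = trans->buf; uint32_t count = trans->count;`) before the `free`, or move the `free (trans);` to after the `switch`, and then work only from the locals.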
>
> Can this be right? valgrind seems to be saying that there are
> double-free errors when I add this patch (see below).
Rather, use after free. The patch avoids the leak, but didn't do it
quite correctly. v2 coming up, and now I know why check-valgrind failed.
Sometimes, it's hard to see the actual error message because of
everything else that is also in the log.
> ==18076== Thread 3:
> ==18076== Invalid read of size 8
> ==18076== at 0x77EBB08: nbd_reply_raw (nbd.c:340)
> ==18076== by 0x77EBB08: nbd_reader (nbd.c:373)
> ==18076== by 0x55DC55A: start_thread (in /usr/lib64/libpthread-2.26.9000.so)
> ==18076== by 0x58E85AE: clone (in /usr/lib64/libc-2.26.9000.so)
> ==18076== Address 0x7452fc8 is 8 bytes inside a block of size 32 free'd
> ==18076== at 0x4C2ED18: free (vg_replace_malloc.c:530)
> ==18076== by 0x77EB996: nbd_reply_raw (nbd.c:337)
> ==18076== by 0x77EB996: nbd_reader (nbd.c:373)
> ==18076== by 0x55DC55A: start_thread (in /usr/lib64/libpthread-2.26.9000.so)
> ==18076== by 0x58E85AE: clone (in /usr/lib64/libc-2.26.9000.so)
> ==18076== Block was alloc'd at
> ==18076== at 0x4C2FA1E: calloc (vg_replace_malloc.c:711)
> ==18076== by 0x77EBBAF: nbd_request_full (nbd.c:264)
> ==18076== by 0x77EBD98: nbd_pread (nbd.c:602)
> ==18076== by 0x405986: handle_request (connections.c:884)
> ==18076== by 0x405986: recv_request_send_reply (connections.c:1061)
> ==18076== by 0x405AE7: connection_worker (connections.c:200)
> ==18076== by 0x55DC55A: start_thread (in /usr/lib64/libpthread-2.26.9000.so)
> ==18076== by 0x58E85AE: clone (in /usr/lib64/libc-2.26.9000.so)
But I also see you managed to get CFLAGS=-g propagated to the plugin in
this trace.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
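The pattern behind this exchange, as an added example that is not nbdkit's code: a transaction record is allocated by the requesting side, handed to the reader thread, and must be freed exactly once, after its last use. The buggy function mirrors the v1 patch (free, then read `trans->buf`/`trans->count` in the success path, which is the "Invalid read" valgrind showed); the fixed one copies the needed fields into locals before the free. The `struct transaction`, `make_transaction`, `fake_read_full` and the demo functions are hypothetical stand-ins with constructed data, not the plugin's real types or socket code.

```c
/* Added example, not nbdkit code. Shows the use-after-free from the v1
 * patch beside the corrected ordering. All names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical transaction record, modelled on the fields the patch touches. */
struct transaction {
  void *buf;      /* caller-owned destination buffer, may be NULL */
  uint32_t count; /* bytes expected on NBD_SUCCESS */
  int fds[2];     /* hypothetical wakeup pipe; fds[1] is handed back to the caller */
};

/* Stand-in for the request side: allocates the record (constructed values). */
struct transaction *make_transaction (void *buf, uint32_t count)
{
  struct transaction *trans = calloc (1, sizeof *trans);
  if (!trans)
    return NULL;
  trans->buf = buf;
  trans->count = count;
  trans->fds[0] = 6;   /* constructed, stands in for a real pipe */
  trans->fds[1] = 7;
  return trans;
}

/* Stand-in for read_full(): copies `count` bytes of a constructed payload
 * instead of reading from a socket. Returns -1 on short read, 0 on success. */
static int fake_read_full (void *buf, uint32_t count,
                           const uint8_t *payload, size_t payload_len)
{
  if (count > payload_len)
    return -1;
  memcpy (buf, payload, count);
  return 0;
}

/* BUGGY: same ordering as the v1 patch. `trans` is freed and then
 * dereferenced in the success case. Compiled here only to show the shape;
 * never call it (valgrind/ASan would flag the read after free). */
int reply_v1_use_after_free (struct transaction *trans, int *fd, uint32_t error,
                             const uint8_t *payload, size_t len)
{
  *fd = trans->fds[1];
  free (trans);
  switch (error) {
  case 0:
    if (trans->buf && fake_read_full (trans->buf, trans->count, payload, len) < 0) /* UAF */
      return -1;
    return 0;
  default:
    return -1;
  }
}

/* FIXED: copy every field still needed into locals, free the record, then
 * work only from the locals. The pointer is nulled so a later edit cannot
 * silently reintroduce the bug. */
int reply_v2_fixed (struct transaction *trans, int *fd, uint32_t error,
                    const uint8_t *payload, size_t len)
{
  void *buf = trans->buf;
  uint32_t count = trans->count;
  *fd = trans->fds[1];
  free (trans);
  trans = NULL;
  switch (error) {
  case 0:
    if (buf && fake_read_full (buf, count, payload, len) < 0)
      return -1;
    return 0;
  default:
    return -1;
  }
}

/* Demo helpers with constructed input; each returns a checkable value. */
int demo_fixed_success (void)
{
  uint8_t out[4] = { 0 };
  const uint8_t payload[4] = { 1, 2, 3, 4 };
  int fd = -1;
  struct transaction *t = make_transaction (out, sizeof out);
  if (!t || reply_v2_fixed (t, &fd, 0, payload, sizeof payload) != 0)
    return -1;
  return fd == 7 ? out[3] : -2;   /* 4 when the copy and fd handoff both worked */
}

int demo_fixed_error_reply (void)
{
  uint8_t out[4] = { 0 };
  const uint8_t payload[4] = { 1, 2, 3, 4 };
  int fd = -1;
  struct transaction *t = make_transaction (out, sizeof out);
  if (!t)
    return -3;
  int r = reply_v2_fixed (t, &fd, 1, payload, sizeof payload);
  return (r == -1 && out[0] == 0) ? -1 : -4;   /* -1: error reported, buf untouched */
}

int demo_fixed_short_read (void)
{
  uint8_t out[8] = { 0 };
  const uint8_t payload[4] = { 1, 2, 3, 4 };
  int fd = -1;
  struct transaction *t = make_transaction (out, sizeof out);  /* wants 8, only 4 available */
  return t ? reply_v2_fixed (t, &fd, 0, payload, sizeof payload) : -3;   /* -1 */
}

int main (void)
{
  printf ("success path: %d\n", demo_fixed_success ());
  printf ("error reply : %d\n", demo_fixed_error_reply ());
  printf ("short read  : %d\n", demo_fixed_short_read ());
  return 0;
}
```

Build with `-g` and run under `valgrind` or `-fsanitize=address`; the fixed paths are clean, and swapping `reply_v2_fixed` for `reply_v1_use_after_free` in a demo reproduces the "Invalid read ... inside a block ... free'd" report quoted above.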