[Libguestfs] [PATCH 1/2] options: Fix segfault when multiple --key parameters given.

Richard W.M. Jones rjones at redhat.com
Tue Nov 12 18:35:11 UTC 2019


Easily reproducible using:

  $ guestfish --key dev1:key:key1 --key dev2:key:key2

causing this stack trace (or others depending on where the memory
corruption was caught):

  Program received signal SIGABRT, Aborted.
  0x00007ffff7905625 in raise () from /lib64/libc.so.6
  (gdb) bt
  #0  0x00007ffff7905625 in raise () from /lib64/libc.so.6
  #1  0x00007ffff78ee8d9 in abort () from /lib64/libc.so.6
  #2  0x00007ffff79494af in __libc_message () from /lib64/libc.so.6
  #3  0x00007ffff7950a6c in malloc_printerr () from /lib64/libc.so.6
  #4  0x00007ffff79528d0 in _int_free () from /lib64/libc.so.6
  #5  0x00005555555bdd6e in free_key_store ()
  #6  0x0000555555589027 in main ()
  (gdb) quit
---
 options/keys.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/options/keys.c b/options/keys.c
index 7f68986..f783066 100644
--- a/options/keys.c
+++ b/options/keys.c
@@ -216,7 +216,8 @@ key_store_import_key (struct key_store *ks, const struct key_store_key *key)
   }
   assert (ks != NULL);
 
-  new_keys = realloc (ks->keys, sizeof (*ks->keys) + 1);
+  new_keys = realloc (ks->keys,
+                      (ks->nr_keys + 1) * sizeof (struct key_store_key));
   if (!new_keys)
     error (EXIT_FAILURE, errno, "realloc");
 
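Review bot: In the new realloc call the element size is hard-coded as `sizeof (struct key_store_key)` rather than derived from the pointer, as the removed line did with `sizeof (*ks->keys)`; writing `(ks->nr_keys + 1) * sizeof (*ks->keys)` keeps the allocation tied to the array's element type if that type ever changes. The multiplication is also not checked for overflow before it reaches realloc; where the platform provides it, `reallocarray (ks->keys, ks->nr_keys + 1, sizeof (*ks->keys))` fails cleanly instead of wrapping. A short comment that the array grows by exactly one element per call would make the intent obvious, since the old expression requested one element plus one byte regardless of nr_keys.
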
-- 
2.23.0



