[Libguestfs] [PATCH 1/2] options: Fix segfault when multiple --key parameters given.

Pino Toscano ptoscano at redhat.com
Fri Nov 15 14:08:52 UTC 2019


On Tuesday, 12 November 2019 19:35:11 CET Richard W.M. Jones wrote:
> Easily reproducible using:
> 
>   $ guestfish --key dev1:key:key1 --key dev2:key:key2
> 
> causing this stack trace (or others depending on where the memory
> corruption was caught):
> 
>   Program received signal SIGABRT, Aborted.
>   0x00007ffff7905625 in raise () from /lib64/libc.so.6
>   (gdb) bt
>   #0  0x00007ffff7905625 in raise () from /lib64/libc.so.6
>   #1  0x00007ffff78ee8d9 in abort () from /lib64/libc.so.6
>   #2  0x00007ffff79494af in __libc_message () from /lib64/libc.so.6
>   #3  0x00007ffff7950a6c in malloc_printerr () from /lib64/libc.so.6
>   #4  0x00007ffff79528d0 in _int_free () from /lib64/libc.so.6
>   #5  0x00005555555bdd6e in free_key_store ()
>   #6  0x0000555555589027 in main ()
>   (gdb) quit
> ---
>  options/keys.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/options/keys.c b/options/keys.c
> index 7f68986..f783066 100644
> --- a/options/keys.c
> +++ b/options/keys.c
> @@ -216,7 +216,8 @@ key_store_import_key (struct key_store *ks, const struct key_store_key *key)
>    }
>    assert (ks != NULL);
>  
> -  new_keys = realloc (ks->keys, sizeof (*ks->keys) + 1);
> +  new_keys = realloc (ks->keys,
> +                      (ks->nr_keys + 1) * sizeof (struct key_store_key));
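Review bot: The new size expression on the `+` lines is the right fix: the removed `sizeof (*ks->keys) + 1` asked realloc for one element plus a single byte regardless of `ks->nr_keys`, so appending the second `--key` entry wrote past the end of the allocation, which matches the heap-corruption abort reached from free_key_store in the stack trace above. Two follow-ups: `(ks->nr_keys + 1) * sizeof (*ks->keys)` would keep the element size tied to the pointer's type instead of repeating the struct name, and since the hunk ends before `new_keys` is used, please confirm the existing code checks it for NULL before assigning it back to `ks->keys`.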

Theoretically, sizeof (*ks->keys) should still be fine, instead of
explicitly spelling the struct name.

Apart from that, LGTM.

-- 
Pino Toscano