[Libvir] Segfault with invalid virConnectPtr

Richard W.M. Jones rjones at redhat.com
Fri Aug 24 09:41:55 UTC 2007


Program terminated with signal 11, Segmentation fault.
#0  0x0000003d8b472a1b in free () from /lib64/libc.so.6
(gdb) bt
#0  0x0000003d8b472a1b in free () from /lib64/libc.so.6
#1  0x00002aaaaaae8dd7 in virResetError (err=0x33535c8) at virterror.c:111
#2  0x00002aaaaaae8fce in __virRaiseError (conn=0x33535a0, dom=0x0, net=0x0,
     domain=0, code=6, level=VIR_ERR_ERROR,
     str1=0x2aaaaab0c678 "invalid connection pointer in %s",
     str2=0x2aaaaab08560 "virConnectNumOfDomains", str3=0x0, int1=0, int2=0,
     msg=0x2aaaaab0c678 "invalid connection pointer in %s") at virterror.c:358
#3  0x00002aaaaaacfa8e in virLibConnError (conn=0x33535a0,
     error=VIR_ERR_INVALID_CONN, info=0x2aaaaab08560 "virConnectNumOfDomains")
     at libvirt.c:127
#4  0x00002aaaaaad1052 in virConnectNumOfDomains (conn=0x736e6961)
     at libvirt.c:758
#5  0x000000000043fa4e in ?? ()


A preliminary look at the code seems to indicate a fault in this logic:

int
virConnectNumOfDomains(virConnectPtr conn)
{
     DEBUG("conn=%p", conn);

     if (!VIR_IS_CONNECT(conn)) {
         virLibConnError(conn, VIR_ERR_INVALID_CONN, __FUNCTION__);

The VIR_IS_CONNECT macro is defined as:

#define VIR_CONNECT_MAGIC   0x4F23DEAD
#define VIR_IS_CONNECT(obj) ((obj) && (obj)->magic==VIR_CONNECT_MAGIC)

Obviously if VIR_IS_CONNECT fails then "conn" should not be used 
further, so calling virLibConnError (conn, ...) is wrong.  Personally I 
think when we detect memory corruption in a C program we should just 
call abort().

I'll see if I can come up with a patch to fix this later ... at the 
moment I'm more interested in why my program is passing an invalid 
connection pointer in the first place :-(

Rich.

-- 
Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom.  Registered in
England and Wales under Company Registration No. 03798903
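
The point made in the message above, that a connection which fails the magic check must not be used again, shown as an added example (not part of the original message and not libvirt code). All demo_* names are hypothetical stand-ins; the magic value and error code 6 are the ones quoted in the message, and the "stale" object is constructed in valid memory so the run is well defined.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the libvirt types discussed above. */
#define DEMO_CONNECT_MAGIC 0x4F23DEAD   /* value quoted in the message */
#define DEMO_IS_CONNECT(obj) ((obj) && (obj)->magic == DEMO_CONNECT_MAGIC)

typedef struct { char msg[96]; int code; } demo_error;
typedef struct { unsigned int magic; demo_error err; int ndomains; } demo_conn;

static demo_error demo_last_error;      /* used when no valid connection exists */

/* Records an error on the connection if one is given, else globally.
 * It trusts a non-NULL conn, so callers must never pass an unvalidated one. */
static void demo_raise(demo_conn *conn, int code, const char *func)
{
    demo_error *e = conn ? &conn->err : &demo_last_error;
    e->code = code;
    snprintf(e->msg, sizeof e->msg, "invalid connection pointer in %s", func);
}

/* Hardened form: once the magic check fails, conn is not touched again. */
int demo_num_of_domains(demo_conn *conn)
{
    if (!DEMO_IS_CONNECT(conn)) {
        demo_raise(NULL, 6, __func__);  /* NULL, not conn */
        return -1;
    }
    return conn->ndomains;
}

int main(void)
{
    demo_conn good = { DEMO_CONNECT_MAGIC, { "", 0 }, 3 };
    demo_conn stale;                       /* constructed: overwritten object */
    memset(&stale, 0x61, sizeof stale);    /* wrong magic, garbage error fields */

    printf("good  -> %d\n", demo_num_of_domains(&good));
    printf("stale -> %d (%s)\n", demo_num_of_domains(&stale), demo_last_error.msg);
    return 0;
}
```

The magic check itself reads through the pointer, so it only catches stale or wrong-type objects in mapped memory; a pointer into unmapped memory still faults inside the macro.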