[Libvir] Segfault with invalid virConnectPtr

Daniel Veillard veillard at redhat.com
Fri Aug 24 09:52:59 UTC 2007


On Fri, Aug 24, 2007 at 10:41:55AM +0100, Richard W.M. Jones wrote:
> Program terminated with signal 11, Segmentation fault.
> #0  0x0000003d8b472a1b in free () from /lib64/libc.so.6
> (gdb) bt
> #0  0x0000003d8b472a1b in free () from /lib64/libc.so.6
> #1  0x00002aaaaaae8dd7 in virResetError (err=0x33535c8) at virterror.c:111
> #2  0x00002aaaaaae8fce in __virRaiseError (conn=0x33535a0, dom=0x0, net=0x0,
>     domain=0, code=6, level=VIR_ERR_ERROR,
>     str1=0x2aaaaab0c678 "invalid connection pointer in %s",
>     str2=0x2aaaaab08560 "virConnectNumOfDomains", str3=0x0, int1=0, int2=0,
>     msg=0x2aaaaab0c678 "invalid connection pointer in %s") at virterror.c:358
> #3  0x00002aaaaaacfa8e in virLibConnError (conn=0x33535a0,
>     error=VIR_ERR_INVALID_CONN, info=0x2aaaaab08560 "virConnectNumOfDomains")
>     at libvirt.c:127
> #4  0x00002aaaaaad1052 in virConnectNumOfDomains (conn=0x736e6961)
>     at libvirt.c:758
> #5  0x000000000043fa4e in ?? ()
> 
> 
> A preliminary look at the code seems to indicate a fault in this logic:
> 
> int
> virConnectNumOfDomains(virConnectPtr conn)
> {
>     DEBUG("conn=%p", conn);
> 
>     if (!VIR_IS_CONNECT(conn)) {
>         virLibConnError(conn, VIR_ERR_INVALID_CONN, __FUNCTION__);
> 
> The VIR_IS_CONNECT macro is defined as:
> 
> #define VIR_CONNECT_MAGIC   0x4F23DEAD
> #define VIR_IS_CONNECT(obj) ((obj) && (obj)->magic==VIR_CONNECT_MAGIC)
> 
> Obviously if VIR_IS_CONNECT fails then "conn" should not be used 
> further, so calling virLibConnError (conn, ...) is wrong.

  Yes, that needs to be fixed by passing NULL.

> Personally I 
> think when we detect memory corruption in a C program we should just 
> call abort().

  In a program you can call exit(); doing so in a library is a heresy,
so definitely no. It may not be memory corruption, just a programming
error, a NULL pointer or something. Bringing down the user program from
a library is the best way to piss off your user base.

> I'll see if I can come up with a patch to fix this later ... at the 

  the fix at the libvirt level is just to pass NULL there.

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard at redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/
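The pattern under discussion, as an added C example that is not libvirt's own code: a magic-validated connection handle, an error reporter that tolerates a NULL connection, and the entry point in its buggy shape (the unvalidated conn is still handed to the reporter, which dereferences it) next to the fixed shape Daniel describes (NULL is passed instead, so the error lands in a process-wide slot). The names virRaiseError, virConnectOpen, virConnectClose, virGetLastErrorCode, virGetLastErrorMessage, demoStaleHandle and the global error slot are simplifications assumed here, not libvirt's API; the stale handle built in demoStaleHandle is a constructed input.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified reconstruction of the libvirt handle check (assumed, not libvirt's code). */
#define VIR_CONNECT_MAGIC 0x4F23DEAD
#define VIR_IS_CONNECT(obj) ((obj) && (obj)->magic == VIR_CONNECT_MAGIC)

enum { VIR_ERR_OK = 0, VIR_ERR_INVALID_CONN = 6 };

typedef struct {
    int code;
    char *message;          /* heap-allocated; released by virResetError */
} virError;

typedef struct {
    unsigned int magic;     /* must equal VIR_CONNECT_MAGIC for a live handle */
    virError err;           /* per-connection last error */
    int ndomains;
} virConnect, *virConnectPtr;

static virError lastGlobalError;   /* assumed fallback slot when no valid conn exists */

/* Frees the previous message: this is the free() that crashed in the report
 * when err belonged to memory that was never a connection. */
static void virResetError(virError *err) {
    free(err->message);
    err->message = NULL;
    err->code = VIR_ERR_OK;
}

/* Records the error on conn if the caller vouched for it, otherwise on the
 * global slot. It only ever dereferences a conn it was actually given. */
static void virRaiseError(virConnectPtr conn, int code, const char *func) {
    virError *to = conn ? &conn->err : &lastGlobalError;
    const char *fmt = "invalid connection pointer in %s";
    size_t n = strlen(fmt) + strlen(func) + 1;
    virResetError(to);
    to->code = code;
    to->message = malloc(n);
    if (to->message)
        snprintf(to->message, n, fmt, func);
}

/* Buggy shape from the report: validation fails, yet conn is still passed on,
 * so the reporter frees whatever conn->err.message happens to point at. */
int virConnectNumOfDomainsBuggy(virConnectPtr conn) {
    if (!VIR_IS_CONNECT(conn)) {
        virRaiseError(conn, VIR_ERR_INVALID_CONN, __func__);   /* undefined behaviour */
        return -1;
    }
    return conn->ndomains;
}

/* Fixed shape: once validation fails, conn is never touched again. */
int virConnectNumOfDomainsFixed(virConnectPtr conn) {
    if (!VIR_IS_CONNECT(conn)) {
        virRaiseError(NULL, VIR_ERR_INVALID_CONN, __func__);
        return -1;
    }
    return conn->ndomains;
}

virConnectPtr virConnectOpen(int ndomains) {
    virConnectPtr c = calloc(1, sizeof(*c));
    if (!c) return NULL;
    c->magic = VIR_CONNECT_MAGIC;
    c->ndomains = ndomains;
    return c;
}

void virConnectClose(virConnectPtr c) {
    if (!VIR_IS_CONNECT(c)) return;
    virResetError(&c->err);
    c->magic = 0;           /* poison so a dangling handle fails VIR_IS_CONNECT */
    free(c);
}

int virGetLastErrorCode(void) { return lastGlobalError.code; }
const char *virGetLastErrorMessage(void) {
    return lastGlobalError.message ? lastGlobalError.message : "";
}

/* Constructed stale handle: right size, wrong magic, and a message pointer that
 * is not a heap address. The fixed path must reject it without reading or
 * freeing through it. Returns 1 when the object is left exactly as built. */
int demoStaleHandle(void) {
    virConnect stale;
    char *bogus = (char *)(uintptr_t)0x736e6961;   /* constructed, not allocated */
    memset(&stale, 0, sizeof stale);
    stale.magic = 0xDEADBEEFu;
    stale.err.message = bogus;
    int rc = virConnectNumOfDomainsFixed(&stale);
    return rc == -1 && stale.magic == 0xDEADBEEFu && stale.err.message == bogus;
}

int main(void) {
    virConnectPtr c = virConnectOpen(2);
    printf("valid conn: %d domains\n", virConnectNumOfDomainsFixed(c));
    printf("NULL conn: rc=%d, err=\"%s\"\n", virConnectNumOfDomainsFixed(NULL),
           virGetLastErrorMessage());
    printf("stale handle left untouched: %s\n", demoStaleHandle() ? "yes" : "no");
    virConnectClose(c);
    return 0;
}
```

The buggy function is kept only for comparison; calling it with the stale handle would reproduce the free() crash in the backtrace, which is exactly why the fixed version hands NULL to the reporter and why the reporter needs a NULL-safe fallback slot.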
