[Libvir] Segfault with invalid virConnectPtr
Daniel Veillard
veillard at redhat.com
Fri Aug 24 09:52:59 UTC 2007
On Fri, Aug 24, 2007 at 10:41:55AM +0100, Richard W.M. Jones wrote:
> Program terminated with signal 11, Segmentation fault.
> #0 0x0000003d8b472a1b in free () from /lib64/libc.so.6
> (gdb) bt
> #0 0x0000003d8b472a1b in free () from /lib64/libc.so.6
> #1 0x00002aaaaaae8dd7 in virResetError (err=0x33535c8) at virterror.c:111
> #2 0x00002aaaaaae8fce in __virRaiseError (conn=0x33535a0, dom=0x0,
> net=0x0,
> domain=0, code=6, level=VIR_ERR_ERROR,
> str1=0x2aaaaab0c678 "invalid connection pointer in %s",
> str2=0x2aaaaab08560 "virConnectNumOfDomains", str3=0x0, int1=0,
> int2=0,
> msg=0x2aaaaab0c678 "invalid connection pointer in %s") at
> virterror.c:358
> #3 0x00002aaaaaacfa8e in virLibConnError (conn=0x33535a0,
> error=VIR_ERR_INVALID_CONN, info=0x2aaaaab08560
> "virConnectNumOfDomains")
> at libvirt.c:127
> #4 0x00002aaaaaad1052 in virConnectNumOfDomains (conn=0x736e6961)
> at libvirt.c:758
> #5 0x000000000043fa4e in ?? ()
>
>
> A preliminary look at the code seems to indicate a fault in this logic:
>
> int
> virConnectNumOfDomains(virConnectPtr conn)
> {
>     DEBUG("conn=%p", conn);
>
>     if (!VIR_IS_CONNECT(conn)) {
>         virLibConnError(conn, VIR_ERR_INVALID_CONN, __FUNCTION__);
>
> The VIR_IS_CONNECT macro is defined as:
>
> #define VIR_CONNECT_MAGIC 0x4F23DEAD
> #define VIR_IS_CONNECT(obj) ((obj) && (obj)->magic==VIR_CONNECT_MAGIC)
>
> Obviously if VIR_IS_CONNECT fails then "conn" should not be used
> further, so calling virLibConnError (conn, ...) is wrong.
Yes, that needs to be fixed by passing NULL.
> Personally I
> think when we detect memory corruption in a C program we should just
> call abort().
In a program you can call exit(); doing so in a library is a heresy,
so definitely no. It may not be a memory corruption, just a programming
error, a NULL pointer or something. Bringing down the user program from
a library is the best way to piss off your user base.
> I'll see if I can come up with a patch to fix this later ... at the
The fix at the libvirt level is just to pass NULL there.
Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard | virtualization library http://libvirt.org/
veillard at redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
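
An added example, not part of the original message and not libvirt's code: a simplified C model of the bug discussed above, in which an error handler writes through a pointer that has just failed the magic check, next to the "pass NULL" fix. The names `struct conn`, `raise_error`, `num_of_domains_before`, `num_of_domains_after` and `leaves_bogus_untouched` are hypothetical; only the magic value, the message string and `code=6` are taken from the thread.

```c
#include <stdio.h>
#include <string.h>

#define CONN_MAGIC 0x4F23DEAD   /* magic value quoted in the thread */
#define IS_CONNECT(obj) ((obj) && (obj)->magic == CONN_MAGIC)

struct error { int code; char msg[64]; };
struct conn  { unsigned int magic; struct error err; };
static struct error global_err;  /* used when there is no valid connection */

/* Stores the error in conn->err if conn is non-NULL, else globally.
   It trusts conn completely, like the error path in the backtrace. */
static void raise_error(struct conn *conn, int code, const char *func)
{
    struct error *e = conn ? &conn->err : &global_err;
    e->code = code;
    snprintf(e->msg, sizeof e->msg, "invalid connection pointer in %s", func);
}

/* Before: the pointer that just failed validation is handed on. */
int num_of_domains_before(struct conn *conn)
{
    if (IS_CONNECT(conn)) return 0;   /* real work elided */
    raise_error(conn, 6, __func__);   /* code=6 as in the backtrace */
    return -1;
}

/* After: NULL is passed, so the error lands in the global slot. */
int num_of_domains_after(struct conn *conn)
{
    if (IS_CONNECT(conn)) return 0;
    raise_error(NULL, 6, __func__);
    return -1;
}

/* Constructed input: readable non-connection memory; 1 if left untouched. */
int leaves_bogus_untouched(int (*api)(struct conn *))
{
    struct conn bogus, copy;
    memset(&bogus, 'A', sizeof bogus);
    memcpy(&copy, &bogus, sizeof bogus);
    return api(&bogus) == -1 && memcmp(&bogus, &copy, sizeof bogus) == 0;
}

int main(void)
{
    printf("before: %d, after: %d\n", leaves_bogus_untouched(num_of_domains_before),
           leaves_bogus_untouched(num_of_domains_after));
    return 0;
}
```

Both variants return -1 to the caller without terminating the program; only the "before" variant modifies the memory behind the rejected pointer.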