[Libvir] Fix buffer overflow in dumping XML
Richard W.M. Jones
rjones at redhat.com
Thu Mar 22 11:04:58 UTC 2007
Daniel P. Berrange wrote:
> The new bufferContentAndFree() method used for the QEMU daemon reallocs the
> buffer size down to release memory held by the buffer which was never used
> for any data. Unfortunately it reallocs it 1 byte too small, so later uses
> of strlen()/strcpy() either magically work, or randomly append garbage or
> crash the daemon depending on the phase of the moon :-) Re-allocing the
> buffer to release a few bytes of memory isn't really an optimization since the
> caller is going to free the entire block a very short while later, so this
> patch simply removes the realloc call.
Ooops - good call.
Emerging Technologies, Red Hat http://et.redhat.com/~rjones/
64 Baker Street, London, W1U 7DF Mobile: +44 7866 314 421
"[Negative numbers] darken the very whole doctrines of the equations
and make dark of the things which are in their nature excessively
obvious and simple" (Francis Maseres FRS, mathematician, 1759)
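As an added example (not code from this thread or from libvirt), a minimal growable string buffer with the shape the quoted description implies: bufferContentAndFree() hands the content back without the shrinking realloc, and shrinkSizeIsSafe() states the invariant the removed realloc broke. The struct layout, function names and the XML fragment used in testing are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string buffer with the shape the thread
 * describes (content, allocated size, bytes in use). Constructed for
 * this example; it is not libvirt's struct or API. */
typedef struct {
    char *content; /* NUL-terminated data */
    size_t size;   /* bytes allocated for content */
    size_t use;    /* bytes in use, excluding the trailing NUL */
} Buffer;

/* content starts NULL; realloc(NULL, n) behaves like malloc(n). */
Buffer *bufferNew(void) { return calloc(1, sizeof(Buffer)); }

/* Append str, doubling the allocation until it fits. The space test
 * counts the terminating NUL, so later strlen()/strcpy() stay in bounds. */
int bufferAdd(Buffer *buf, const char *str)
{
    size_t len = strlen(str);
    size_t need = buf->use + len + 1;
    if (need > buf->size) {
        size_t newsize = buf->size ? buf->size : 16;
        while (newsize < need) newsize *= 2;
        char *tmp = realloc(buf->content, newsize);
        if (!tmp) return -1;
        buf->content = tmp;
        buf->size = newsize;
    }
    memcpy(buf->content + buf->use, str, len + 1);
    buf->use += len;
    return 0;
}

/* Invariant a shrink-to-fit realloc must respect: the new size has to cover
 * every byte in use plus the NUL. Requesting exactly `use` bytes is 1 short. */
int shrinkSizeIsSafe(size_t new_size, size_t use)
{
    return new_size >= use + 1;
}

/* Hand the content to the caller and free only the bookkeeping struct.
 * As in the fix, no realloc: the caller frees the block soon anyway. */
char *bufferContentAndFree(Buffer *buf)
{
    char *content = buf->content;
    free(buf);
    return content;
}
```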