[Libvir] Fix buffer overflow in dumping XML

Richard W.M. Jones rjones at redhat.com
Thu Mar 22 11:04:58 UTC 2007


Daniel P. Berrange wrote:
> The new bufferContentAndFree() method used for the QEMU daemon reallocs the
> buffer size down to release memory held by the buffer which was never used
> for any data. Unfortunately it reallocs it 1 byte too small, so later uses
> of strlen()/strcpy() either magically work, or randomly append garbage or
> crash the daemon depending on the phase of the moon :-) Re-allocing the
> buffer to release a few bytes of memory isn't really an optimization since the
> caller is going to free the entire block a very short while later, so this
> patch simply removes the realloc call.

Ooops - good call.

Rich.

-- 
Emerging Technologies, Red Hat  http://et.redhat.com/~rjones/
64 Baker Street, London, W1U 7DF     Mobile: +44 7866 314 421
  "[Negative numbers] darken the very whole doctrines of the equations
  and make dark of the things which are in their nature excessively
  obvious and simple" (Francis Maseres FRS, mathematician, 1759)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3237 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20070322/1eff7b3e/attachment-0001.bin>
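The failure mode Daniel describes, as an added example written for this page rather than libvirt's own bufferContentAndFree() code: a minimal growable string buffer whose "shrink to fit" step reallocs to the content length and so drops the NUL terminator, beside the fixed version that hands the block back untouched. The strbuf type, the function names and the sample XML are assumptions.

```c
/*
 * Added example, not libvirt's code: a minimal growable string buffer
 * with a "shrink to fit" step that reproduces the off-by-one described
 * above, beside the fixed version. Type and function names are assumptions.
 * Build with: cc -fsanitize=address strbuf.c -o strbuf && ./strbuf buggy
 * to watch strlen() read one byte past the shrunk heap block.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *content;  /* NUL-terminated while the buffer is live */
    size_t used;    /* bytes of content, not counting the NUL */
    size_t size;    /* bytes allocated; invariant: used < size */
} strbuf;

static int strbuf_init(strbuf *b, size_t initial)
{
    if (initial == 0)
        initial = 16;
    b->content = malloc(initial);
    if (b->content == NULL)
        return -1;
    b->content[0] = '\0';
    b->used = 0;
    b->size = initial;
    return 0;
}

/* Append s, doubling the allocation until used + len + 1 fits. */
static int strbuf_add(strbuf *b, const char *s)
{
    size_t len = strlen(s);
    if (b->used + len + 1 > b->size) {
        size_t nsize = b->size ? b->size : 16;
        while (b->used + len + 1 > nsize)
            nsize *= 2;
        char *p = realloc(b->content, nsize);
        if (p == NULL)
            return -1;
        b->content = p;
        b->size = nsize;
    }
    memcpy(b->content + b->used, s, len + 1);  /* len + 1 copies the NUL */
    b->used += len;
    return 0;
}

/* The smallest allocation that still holds the content AND its NUL. */
static size_t strbuf_fit_size(const strbuf *b)
{
    return b->used + 1;
}

/*
 * The bug as reported: realloc() to 'used' bytes, one short of
 * strbuf_fit_size(). The NUL is no longer inside the allocation, so a
 * later strlen()/strcpy() runs off the end of the block.
 * (Only meaningful for used > 0; realloc(p, 0) is implementation-defined.)
 */
static char *strbuf_content_and_free_buggy(strbuf *b)
{
    char *p = realloc(b->content, b->used);
    if (p != NULL)
        b->content = p;
    p = b->content;
    b->content = NULL;
    b->used = b->size = 0;
    return p;
}

/*
 * What the patch does instead: hand the block to the caller as-is. The
 * caller frees it shortly anyway, so shrinking buys nothing and risks
 * exactly this off-by-one.
 */
static char *strbuf_content_and_free(strbuf *b)
{
    char *p = b->content;
    b->content = NULL;
    b->used = b->size = 0;
    return p;
}

/* Builds a small constructed XML document (sample input, not real output). */
static char *build_sample(int buggy)
{
    strbuf b;
    if (strbuf_init(&b, 4) != 0)
        return NULL;
    if (strbuf_add(&b, "<domain>") != 0 || strbuf_add(&b, "</domain>") != 0) {
        free(b.content);
        return NULL;
    }
    return buggy ? strbuf_content_and_free_buggy(&b) : strbuf_content_and_free(&b);
}

int main(int argc, char **argv)
{
    int buggy = argc > 1 && strcmp(argv[1], "buggy") == 0;
    char *xml = build_sample(buggy);
    if (xml == NULL)
        return 1;
    /* With "buggy" under ASan this strlen() reports heap-buffer-overflow. */
    printf("%zu bytes: %s\n", strlen(xml), xml);
    free(xml);
    return 0;
}
```

Without a sanitizer the buggy path usually "works" because the byte after the shrunk block happens to be zero, which is the phase-of-the-moon behaviour described above; if a shrink were ever wanted, the realloc size would have to be strbuf_fit_size(), never used alone.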