[libvirt] avoid double free

Jim Meyering jim at meyering.net
Fri May 16 06:21:07 UTC 2008


I noticed a new test failure on rawhide,
ran valgrind ./qemuxml2xmltest and got this:

==14847== Invalid free() / delete / delete[]
==14847==    at 0x4A0609F: free (vg_replace_malloc.c:323)
==14847==    by 0x409DF8: qemudParseXML (qemu_conf.c:2149)
==14847==    by 0x40CBE0: qemudParseVMDef (qemu_conf.c:2982)
==14847==    by 0x4021CD: testCompareXMLToXMLFiles (qemuxml2xmltest.c:35)
==14847==    by 0x4022EA: testCompareXMLToXMLHelper (qemuxml2xmltest.c:68)
==14847==    by 0x40291B: virtTestRun (testutils.c:79)
==14847==    by 0x402436: main (qemuxml2xmltest.c:100)
==14847==  Address 0x4cd3d68 is 0 bytes inside a block of size 72 free'd
==14847==    at 0x4A0609F: free (vg_replace_malloc.c:323)
==14847==    by 0x408731: qemudParseXML (qemu_conf.c:1738)
==14847==    by 0x40CBE0: qemudParseVMDef (qemu_conf.c:2982)
==14847==    by 0x4021CD: testCompareXMLToXMLFiles (qemuxml2xmltest.c:35)
==14847==    by 0x4022EA: testCompareXMLToXMLHelper (qemuxml2xmltest.c:68)
==14847==    by 0x40291B: virtTestRun (testutils.c:79)
==14847==    by 0x402436: main (qemuxml2xmltest.c:100)

Here's the fix:

From 777e199f2d680ec302b7604e030a41da2c62cb49 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering at redhat.com>
Date: Fri, 16 May 2008 08:18:31 +0200
Subject: [PATCH] avoid a double-free bug

* src/qemu_conf.c (qemudParseXML): Ensure that "obj" is either
NULL or a valid malloc'd pointer before we might "goto error"
where it is freed.
---
diff --git a/src/qemu_conf.c b/src/qemu_conf.c
index 458f5df..1a7ab46 100644
--- a/src/qemu_conf.c
+++ b/src/qemu_conf.c
@@ -1736,6 +1736,7 @@ static struct qemud_vm_def *qemudParseXML(virConnectPtr conn,
     } else {
         strcpy(def->os.type, (const char *)obj->stringval);
         xmlXPathFreeObject(obj);
+        obj = NULL;
     }

     if (!virCapabilitiesSupportsGuestOSType(driver->caps, def->os.type)) {
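
Review bot: The `obj = NULL;` reset after `xmlXPathFreeObject(obj);` in the else branch is the only thing keeping the later `goto error` path from freeing the same object again, and nothing at this site says so. The invariant in the commit message ("obj" is either NULL or a valid pointer whenever `goto error` can be reached) has to hold at every place this function frees `obj`, so I would either add a one-line comment here naming the error-path free, or route these frees through a small helper that frees and clears the pointer in one step, so a future call site cannot omit the reset. Separately, the context line `strcpy(def->os.type, (const char *)obj->stringval);` copies without a bound visible in this hunk; please confirm the length of `obj->stringval` is checked against the size of `def->os.type` before this branch is reached.
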
--
1.5.5.1.249.g26848



