[libvirt] Error in virt-install

Daniel P. Berrange berrange at redhat.com
Tue Mar 10 10:34:05 UTC 2009


On Tue, Mar 10, 2009 at 11:21:01AM +0100, Daniel Veillard wrote:
> On Tue, Mar 10, 2009 at 10:16:26AM +0100, Daniel Veillard wrote:
> > > Starting install...
> > > *** glibc detected *** /usr/bin/python: free(): invalid next size (fast): 
> > 
> >   Yes I'm seeing this too on 0.6.1 on RHEL-5.3, I'm trying to chase it
> > down, it's a bit hard to find out where the memory corruption occurs.
> > 
> > > I've memtested the memory and its fine. If i use a file as the target (instead 
> > > of a block device) it also works:
> > > 
> > > virt-install -n test -r 512 --vnc --file=/tmp/test-os --file-size=2 --location=ftp://mirrors/centos/5/os/i386
> > 
> >   yes I get the crash with a file based target too.
> >   I'm investigating ...
> 
>   I guess I nailed it down, it's something we introduced when converting
> memory allocation, and since the block getting allocated includes both
> char * and char we failed to allocate enough space for the leading
> char * array.
>   With this patch I was able to create a new guest and have it load
> with virt-install (but just in serial console, graphics didn't work
> for some reason), it disappeared from the domain list too after being
> restarted at the end of the installation, so there is more stuff to
> be fixed on RHEL/Centos Xen, but that one seems solved,

Ahhh, wow that was confusing :-) I didn't notice the one allocation
covered the string array, and the strings themselves! Probably worth
a comment on the function that the strings should not be freed separately

ACK

> Index: src/xend_internal.c
> ===================================================================
> RCS file: /data/cvs/libxen/src/xend_internal.c,v
> retrieving revision 1.251
> diff -u -r1.251 xend_internal.c
> --- src/xend_internal.c	13 Feb 2009 18:23:23 -0000	1.251
> +++ src/xend_internal.c	10 Mar 2009 10:00:28 -0000
> @@ -904,7 +904,15 @@
>          count++;
>      }
>  
> -    if (VIR_ALLOC_N(ptr, count + 1 + extra) < 0)
> +    /*
> +     * We can'tuse the normal allocation routines as we are mixing
> +     * an array of char * at the beginning followed by an array of char
> +     * ret points to the NULL terminated array of char *
> +     * ptr points to the current string after that array but in the same
> +     * allocated block
> +     */
> +    if (virAlloc((void *)&ptr,
> +                 (count + 1) * sizeof(char *) + extra * sizeof(char)) < 0)
>          goto error;
>  
>      ret = (char **) ptr;
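
Review bot: The size passed to the new virAlloc call, (count + 1) * sizeof(char *) + extra * sizeof(char), is open-coded with no wraparound check visible in this hunk; if count or extra can grow with the data being parsed, a wrapped sum would under-allocate the block again, so check the multiplication and the addition before the call. The new comment documents the layout only inside the function body; as the ACK suggests, the function's header comment should also state that callers free just the returned array and never the individual strings. "can'tuse" in the added comment needs a space.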

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
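
The single-block layout the patch sizes, as an added example that is not libvirt's code: a NULL-terminated `char *` table followed by the string bytes in one allocation, with the size computed as in the fix plus a wraparound check. `strv_block_size` and `strv_pack` are hypothetical names and the sample strings are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes for (count + 1) pointers plus `extra` string bytes; -1 on wrap. */
int strv_block_size(size_t count, size_t extra, size_t *out)
{
    if (count >= SIZE_MAX / sizeof(char *))
        return -1;
    size_t table = (count + 1) * sizeof(char *);
    if (extra > SIZE_MAX - table)
        return -1;
    *out = table + extra;
    return 0;
}

/* Hypothetical helper: one heap block laid out as
 * [count pointers][NULL][string bytes]. Free ONLY the returned pointer. */
char **strv_pack(const char *const *src, size_t count)
{
    size_t extra = 0, total, i;
    for (i = 0; i < count; i++)
        extra += strlen(src[i]) + 1;   /* assumes the summed lengths fit in size_t */
    if (strv_block_size(count, extra, &total) < 0)
        return NULL;
    char **ret = malloc(total);
    if (ret == NULL)
        return NULL;
    char *ptr = (char *)(ret + count + 1);  /* first byte after the table */
    for (i = 0; i < count; i++) {
        size_t len = strlen(src[i]) + 1;
        memcpy(ptr, src[i], len);
        ret[i] = ptr;
        ptr += len;
    }
    ret[count] = NULL;
    return ret;
}

int main(void)
{
    const char *const in[] = { "vif1.0", "vif2.0", "xvda" };  /* constructed */
    char **v = strv_pack(in, 3);
    for (char **p = v; p && *p; p++)
        puts(*p);
    free(v);   /* one free releases the table and every string */
    return 0;
}
```

Sizing the block as `count + 1 + extra` bytes, as the pre-patch line effectively did, leaves the pointer table short by `(count + 1) * (sizeof(char *) - 1)` bytes, which is the heap overrun glibc reported.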



