[libvirt] Error in virt-install
Daniel P. Berrange
berrange at redhat.com
Tue Mar 10 10:34:05 UTC 2009
On Tue, Mar 10, 2009 at 11:21:01AM +0100, Daniel Veillard wrote:
> On Tue, Mar 10, 2009 at 10:16:26AM +0100, Daniel Veillard wrote:
> > > Starting install...
> > > *** glibc detected *** /usr/bin/python: free(): invalid next size (fast):
> >
> > Yes I'm seeing this too on 0.6.1 on RHEL-5.3, I'm trying to chase it
> > down, it's a bit hard to find out where the memory corruption occurs.
> >
> > > I've memtested the memory and it's fine. If I use a file as the target (instead
> > > of a block device) it also works:
> > >
> > > virt-install -n test -r 512 --vnc --file=/tmp/test-os --file-size=2 --location=ftp://mirrors/centos/5/os/i386
> >
> > yes I get the crash with a file based target too.
> > I'm investigating ...
>
> I guess I nailed it down, it's something we introduced when converting
> memory allocation, and since the block getting allocated includes both
> char * and char we failed to allocate enough space for the leading
> char * array.
> With this patch I was able to create a new guest and have it load
> with virt-install (but just in serial console, graphics didn't work
> for some reason), it disappeared from the domain list too after being
> restarted at the end of the installation, so there is more stuff to
> be fixed on RHEL/Centos Xen, but that one seems solved,
Ahhh, wow that was confusing :-) I didn't notice the one allocation
covered the string array, and the strings themselves ! Probably worth
a comment on the function that the strings should not be freed separately
ACK
> Index: src/xend_internal.c
> ===================================================================
> RCS file: /data/cvs/libxen/src/xend_internal.c,v
> retrieving revision 1.251
> diff -u -r1.251 xend_internal.c
> --- src/xend_internal.c 13 Feb 2009 18:23:23 -0000 1.251
> +++ src/xend_internal.c 10 Mar 2009 10:00:28 -0000
> @@ -904,7 +904,15 @@
> count++;
> }
>
> - if (VIR_ALLOC_N(ptr, count + 1 + extra) < 0)
> + /*
> + * We can'tuse the normal allocation routines as we are mixing
> + * an array of char * at the beginning followed by an array of char
> + * ret points to the NULL terminated array of char *
> + * ptr points to the current string after that array but in the same
> + * allocated block
> + */
> + if (virAlloc((void *)&ptr,
> + (count + 1) * sizeof(char *) + extra * sizeof(char)) < 0)
> goto error;
>
> ret = (char **) ptr;
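Review bot: the block comment above the virAlloc call describes the layout but not the ownership rule that follows from it: ret and every string it points to sit in one allocation, so the result must be released with a single free of ret and the strings never freed individually. That belongs in the function's header comment, where callers will read it. Separately, the size `(count + 1) * sizeof(char *) + extra * sizeof(char)` is computed with no wrap check in these lines; count is incremented in the loop just above, so if it or extra grows with the input being parsed, check the sum before passing it to virAlloc. The new comment also has a typo, "can'tuse".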
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
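
The single-block layout discussed in this thread, as an added example that is not part of the original message and is not libvirt code. The helper name `pack_strings` and the sample strings are hypothetical; plain `malloc` stands in for libvirt's allocation wrappers.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not libvirt code. Returns ONE heap block laid out as
 * [count + 1 char * slots, NULL-terminated][string bytes]. Release it with a
 * single free() on the result; never free the individual strings. */
char **pack_strings(const char *const *src, size_t count)
{
    size_t extra = 0;               /* string bytes, including each NUL */
    for (size_t i = 0; i < count; i++) {
        size_t len = strlen(src[i]) + 1;
        if (len > SIZE_MAX - extra)
            return NULL;            /* byte total would wrap */
        extra += len;
    }
    /* The table needs (count + 1) * sizeof(char *) bytes; count + 1 + extra
     * bytes in total is the under-allocation described in the thread. */
    if (count >= SIZE_MAX / sizeof(char *))
        return NULL;                /* table size would wrap */
    size_t table = (count + 1) * sizeof(char *);
    if (extra > SIZE_MAX - table)
        return NULL;                /* combined size would wrap */
    char **ret = malloc(table + extra);
    if (ret == NULL)
        return NULL;
    char *ptr = (char *)ret + table;    /* first byte after the table */
    for (size_t i = 0; i < count; i++) {
        size_t len = strlen(src[i]) + 1;
        memcpy(ptr, src[i], len);
        ret[i] = ptr;
        ptr += len;
    }
    ret[count] = NULL;
    return ret;
}

int main(void)
{
    const char *names[] = { "Domain-0", "test" };  /* constructed sample */
    char **list = pack_strings(names, 2);
    if (list == NULL)
        return 1;
    for (char **p = list; *p != NULL; p++)
        puts(*p);
    free(list);     /* one free releases the table and every string */
    return 0;
}
```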