[libvirt] PATCH] Stop double free

Mark Hamzy hamzy at us.ibm.com
Thu Sep 24 18:34:35 UTC 2009


The stack trace is as follows:

Program received signal SIGABRT, Aborted.
0x00000035ad830265 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00000035ad830265 in raise () from /lib64/libc.so.6
#1  0x00000035ad831d10 in abort () from /lib64/libc.so.6
#2  0x00000035ad86a84b in __libc_message () from /lib64/libc.so.6
#3  0x00000035ad8722ef in _int_free () from /lib64/libc.so.6
#4  0x00000035ad87273b in free () from /lib64/libc.so.6
#5  0x0000000000406771 in vshDeinit (ctl=0x7fffd35d35e0) at virsh.c:8244
#6  0x00000000004069a5 in vshError (ctl=0x7fffd35d35e0, doexit=<value optimized out>, format=0x414f66 "%s") at virsh.c:7861
#7  0x00000000004067c4 in vshDeinit (ctl=0x7fffd35d35e0) at virsh.c:8248
#8  0x000000000041335e in main (argc=3, argv=0x7fffd35d3748) at virsh.c:8493

I am trying to run libvirt-0.7.1-0.1.git3ef2e05.fc12.src.rpm on RHEL5.4.

vshDeinit gets called twice, so ctl->name is freed twice.

How about this patch then?

(See attached file: 0001-Fix-possible-double-free.patch)

--
Mark

You must be the change you wish to see in the world. -- Mahatma Gandhi
Worrying is praying for what you do not wish to happen.


Chris Lalancette <clalance at redhat.com> wrote on 09/16/2009 06:30 AM
To: Mark Hamzy/Austin/IBM at IBMUS
cc: libvir-list at redhat.com
Subject: Re: [libvirt] PATCH] Stop double free

Mark Hamzy wrote:
> diff --git a/src/virsh.c b/src/virsh.c
> index 4825f1c..5fc6c8f 100644
> --- a/src/virsh.c
> +++ b/src/virsh.c
> @@ -8201,7 +8201,7 @@ vshError(vshControl *ctl, int doexit, const char
> *format, ...)
> fputc('\n', stderr);
>
> if (doexit) {
> - if (ctl)
> + if (ctl && ctl->conn)
> vshDeinit(ctl);
> exit(EXIT_FAILURE);
> }
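Review bot: moving the ctl->conn test up into vshError skips cleanup entirely on the no-connection path, so a fatal error raised before a connection exists never reaches vshDeinit and ctl->name and ctl->log_fd are not released; the posted stack trace also shows the real problem is elsewhere: vshDeinit (virsh.c:8248) calls vshError with doexit set, which re-enters vshDeinit (virsh.c:8244) and frees ctl->name a second time. Fix the re-entry instead of gating on ctl->conn: call vshError from inside vshDeinit with doexit=0 (deinit is already on the way out), and set ctl->name to NULL right after freeing it so any second pass is a harmless free(NULL). Keep the existing `if (ctl)` in this hunk as it is.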

I don't think this patch is right.  vshDeinit() already has a check for
ctl->conn, and if you put it higher up in the call chain like this, you'll leak
the ctl->name memory and the ctl->log_fd file descriptors.  Do you have a stack
trace with line numbers in it (i.e. debugging information)?  Also, what version
of libvirt are you using?  That might shed a bit more light on what the
problem is.

--
Chris Lalancette
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-possible-double-free.patch
Type: application/octet-stream
Size: 741 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20090924/2317c8ab/attachment-0001.obj>