[libvirt] [PATCH] virsh: avoid double free of domain

ajia at redhat.com ajia at redhat.com
Sun Jul 17 15:29:07 UTC 2011 

From: Alex Jia <ajia at redhat.com>

* tools/virsh.c: avoid double free of domain, when weight value of blkiotune
  less than 0, codes will free domain and jump to cleanup section, however,
  cleanup will free domain again.

Detected in valgrind run:

==21297== ERROR SUMMARY: 20 errors from 20 contexts (suppressed: 69 from 8)
==21297== 
==21297== 1 errors in context 1 of 20:
==21297== Invalid read of size 4
==21297==    at 0x40E209B: virDomainFree (libvirt.c:2096)
==21297==    by 0x8065274: cmdBlkiotune (virsh.c:3695)
==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297==    by 0x806B967: main (virsh.c:14487)
==21297==  Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
==21297==    at 0x4005B0A: free (vg_replace_malloc.c:325)
==21297==    by 0x406814D: virFree (memory.c:310)
==21297==    by 0x40D6635: virReleaseDomain (datatypes.c:243)
==21297==    by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
==21297==    by 0x40E20B9: virDomainFree (libvirt.c:2101)
==21297==    by 0x8065297: cmdBlkiotune (virsh.c:3613)
==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297==    by 0x806B967: main (virsh.c:14487)
==21297== 
==21297== 
==21297== 1 errors in context 2 of 20:
==21297== Invalid read of size 4
==21297==    at 0x40E1FE6: virDomainFree (libvirt.c:2092)
==21297==    by 0x8065274: cmdBlkiotune (virsh.c:3695)
==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297==    by 0x806B967: main (virsh.c:14487)
==21297==  Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
==21297==    at 0x4005B0A: free (vg_replace_malloc.c:325)
==21297==    by 0x406814D: virFree (memory.c:310)
==21297==    by 0x40D6635: virReleaseDomain (datatypes.c:243)
==21297==    by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
==21297==    by 0x40E20B9: virDomainFree (libvirt.c:2101)
==21297==    by 0x8065297: cmdBlkiotune (virsh.c:3613)
==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297==    by 0x806B967: main (virsh.c:14487)

* how to reproduce?
  % valgrind -v --leak-check=full virsh blkiotune guestname --weight -1

---
 tools/virsh.c |    1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/tools/virsh.c b/tools/virsh.c
index e75a249..cba249a 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -3610,7 +3610,6 @@ cmdBlkiotune(vshControl * ctl, const vshCmd * cmd)
     if (weight) {
         nparams++;
         if (weight < 0) {
-            virDomainFree(dom);
             vshError(ctl, _("Invalid value of %d for I/O weight"), weight);
             goto cleanup;
         }
-- 
1.7.3.4

More information about the libvir-list mailing list