[libvirt] [PATCH] virsh: Avoid invalid read of size errors

Alex Jia ajia at redhat.com
Mon Feb 6 05:22:38 UTC 2012


Thanks and pushed.

Alex


----- Original Message -----
From: "Osier Yang" <jyang at redhat.com>
To: ajia at redhat.com
Cc: libvir-list at redhat.com
Sent: Monday, February 6, 2012 12:03:37 PM
Subject: Re: [libvirt] [PATCH] virsh: Avoid invalid read of size errors

On 2012-02-06 11:48, ajia at redhat.com wrote:
> From: Alex Jia <ajia at redhat.com>
>
> Detected by valgrind. The code allocates 0 bytes of memory for the variable
> cpumap via the vshCalloc function, and then the function VIR_USE_CPU accesses
> it later, so an invalid read error is hit.
>
> * tools/virsh.c(cmdVcpuPin): fix invalid read error.
>
> * How to reproduce?
> % valgrind -v --read-var-info=yes virsh vcpupin <domain> 0 0
>
> * Actual result:
>
> ==27271== ERROR SUMMARY: 5 errors from 2 contexts (suppressed: 8 from 6)
> ==27271==
> ==27271== 1 errors in context 1 of 2:
> ==27271== Invalid read of size 1
> ==27271==    at 0x39CF087E2E: __GI_memcpy (in /lib64/libc-2.12.so)
> ==27271==    by 0x39CF114FDC: xdrmem_putbytes (in /lib64/libc-2.12.so)
> ==27271==    by 0x39CF114707: xdr_opaque (in /lib64/libc-2.12.so)
> ==27271==    by 0x4D56194: xdr_remote_domain_pin_vcpu_args (remote_protocol.c:1844)
> ==27271==    by 0x4D6CCE1: virNetMessageEncodePayload (virnetmessage.c:341)
> ==27271==    by 0x4D5A44B: virNetClientProgramCall (virnetclientprogram.c:327)
> ==27271==    by 0x4D36EDB: callWithFD (remote_driver.c:4546)
> ==27271==    by 0x4D36F7B: call (remote_driver.c:4567)
> ==27271==    by 0x4D3B2C1: remoteDomainPinVcpu (remote_client_bodies.h:1566)
> ==27271==    by 0x4D199D3: virDomainPinVcpu (libvirt.c:8585)
> ==27271==    by 0x4241F4: cmdVcpuPin (virsh.c:5262)
> ==27271==    by 0x4150A6: vshCommandRun (virsh.c:17712)
> ==27271==  Address 0x5602b80 is 0 bytes after a block of size 0 alloc'd
> ==27271==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
> ==27271==    by 0x4C89BDF: virAllocN (memory.c:129)
> ==27271==    by 0x423868: _vshCalloc.clone.2 (virsh.c:454)
> ==27271==    by 0x423EF9: cmdVcpuPin (virsh.c:5190)
> ==27271==    by 0x4150A6: vshCommandRun (virsh.c:17712)
> ==27271==    by 0x426583: main (virsh.c:19289)
> ==27271==
> ==27271==
> ==27271== 4 errors in context 2 of 2:
> ==27271== Invalid read of size 1
> ==27271==    at 0x424133: cmdVcpuPin (virsh.c:5245)
> ==27271==    by 0x4150A6: vshCommandRun (virsh.c:17712)
> ==27271==    by 0x426583: main (virsh.c:19289)
> ==27271==  Address 0x5602b80 is 0 bytes after a block of size 0 alloc'd
> ==27271==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
> ==27271==    by 0x4C89BDF: virAllocN (memory.c:129)
> ==27271==    by 0x423868: _vshCalloc.clone.2 (virsh.c:454)
> ==27271==    by 0x423EF9: cmdVcpuPin (virsh.c:5190)
> ==27271==    by 0x4150A6: vshCommandRun (virsh.c:17712)
> ==27271==    by 0x426583: main (virsh.c:19289)
>
> Signed-off-by: Alex Jia <ajia at redhat.com>
> ---
>   tools/virsh.c |    2 +-
>   1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/tools/virsh.c b/tools/virsh.c
> index 72ca93a..1613d2e 100644
> --- a/tools/virsh.c
> +++ b/tools/virsh.c
> @@ -5187,7 +5187,7 @@ cmdVcpuPin(vshControl *ctl, const vshCmd *cmd)
>
>       /* Pin mode: pinning specified vcpu to specified physical cpus*/
>
> -    cpumap = vshCalloc(ctl, 0, cpumaplen);
> +    cpumap = vshCalloc(ctl, cpumaplen, sizeof(cpumap));
>       /* Parse cpulist */
>       cur = cpulist;
>       if (*cur == 0) {
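
Review bot: On the added line, sizeof(cpumap) measures the variable that receives the allocation, which is a pointer, so the element size passed to vshCalloc is the pointer width rather than the size of the element cpumap points to, and the block comes out as cpumaplen times the pointer width. That does clear the zero-size allocation valgrind reported, but `cpumap = vshCalloc(ctl, cpumaplen, sizeof(*cpumap));` states the intended size exactly and stays correct if the element type ever changes.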

ACK.
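
The allocation pattern discussed in this thread, as an added example that is not part of the original messages or of libvirt's code: a CPU bitmap allocator that passes calloc its (count, size) arguments in the right order, refuses to hand back a zero-size block, and sets bits only after a bounds check. The helper names cpumap_len, cpumap_alloc, cpumap_set and cpumap_isset are hypothetical, and the CPU counts are constructed sample values.

```c
#include <stdlib.h>
#include <stddef.h>

/* Bytes needed for a bitmap holding one bit per CPU (hypothetical helper). */
static size_t cpumap_len(unsigned int ncpus)
{
    return ((size_t)ncpus + 7) / 8;
}

/* Allocate a zeroed bitmap. calloc takes (element count, element size);
 * returns NULL for ncpus == 0 so callers never hold a zero-size block. */
static unsigned char *cpumap_alloc(unsigned int ncpus, size_t *maplen)
{
    unsigned char *map;
    *maplen = cpumap_len(ncpus);
    if (*maplen == 0)
        return NULL;
    map = calloc(*maplen, sizeof(*map)); /* element size, not pointer size */
    if (!map)
        *maplen = 0;
    return map;
}

/* Bounds-checked bit set: 0 on success, -1 if cpu is outside the map. */
static int cpumap_set(unsigned char *map, size_t maplen, unsigned int cpu)
{
    if (!map || cpu / 8 >= maplen)
        return -1;
    map[cpu / 8] |= (unsigned char)(1u << (cpu % 8));
    return 0;
}

/* Bounds-checked bit test: 1 if set, 0 if clear or out of range. */
static int cpumap_isset(const unsigned char *map, size_t maplen, unsigned int cpu)
{
    if (!map || cpu / 8 >= maplen)
        return 0;
    return (map[cpu / 8] >> (cpu % 8)) & 1;
}

int main(void)
{
    size_t len;
    unsigned char *map = cpumap_alloc(4, &len); /* constructed: 4 host CPUs */
    int ok = map && cpumap_set(map, len, 3) == 0 && cpumap_isset(map, len, 3)
             && cpumap_set(map, len, 32) == -1;
    free(map);
    return ok ? 0 : 1;
}
```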