[libvirt] [PATCH] virsh: avoid heap corruption leading to virsh abort

Eric Blake eblake at redhat.com
Mon May 7 19:36:57 UTC 2012


On 05/07/2012 01:29 PM, Jim Meyering wrote:
> Investigating a build problem reported by Laine,
> I was surprised to see "make check" fail on F17 due to a
> glibc invalid free abort.  Ok to push to master?
> 
>>From 61a559e0b2f4bded3059c5be7c958e2276f7fd16 Mon Sep 17 00:00:00 2001
> From: Jim Meyering <meyering at redhat.com>
> Date: Mon, 7 May 2012 21:22:09 +0200
> Subject: [PATCH] virsh: avoid heap corruption leading to virsh abort
> 
> * tools/virsh.c (vshParseSnapshotDiskspec): Fix off-by-3 memmove
> that would corrupt heap when parsing escaped --diskspec comma.
> Bug introduced via commit v0.9.4-260-g35d52b5.
> ---
>  tools/virsh.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/virsh.c b/tools/virsh.c
> index 1207ac9..dd9292a 100644
> --- a/tools/virsh.c
> +++ b/tools/virsh.c
> @@ -16107,7 +16107,7 @@ vshParseSnapshotDiskspec(vshControl *ctl, virBufferPtr buf, const char *str)
>      while ((tmp = strchr(tmp, ','))) {
>          if (tmp[1] == ',') {
>              /* Recognize ,, as an escape for a literal comma */
> -            memmove(&tmp[1], &tmp[2], len - (tmp - spec) + 2);
> +            memmove(&tmp[1], &tmp[2], len - (tmp - spec) - 2 + 1);
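
Review bot: on the added memmove line, the count is written as bare arithmetic (`- 2 + 1`), the same form in which the removed line carried the wrong sign, so a reader still cannot check it at a glance. Assuming len is the length of spec without its terminator, a short comment saying that the 2 accounts for starting the source at &tmp[2] and the 1 carries the trailing NUL would help, or the count could be written as strlen(&tmp[2]) + 1. The hunk also does not show whether len is adjusted after the shift, which is worth confirming since the while loop goes on to reuse it for the next comma.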

ACK.

/me crawls in a hole for introducing that bug

-- 
Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
