[libvirt] [PATCH] virsh: avoid heap corruption leading to virsh abort

Jim Meyering jim at meyering.net
Mon May 7 19:29:11 UTC 2012


Investigating a build problem reported by Laine,
I was surprised to see "make check" fail on F17 due to a
glibc invalid free abort.  Ok to push to master?

>From 61a559e0b2f4bded3059c5be7c958e2276f7fd16 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering at redhat.com>
Date: Mon, 7 May 2012 21:22:09 +0200
Subject: [PATCH] virsh: avoid heap corruption leading to virsh abort

* tools/virsh.c (vshParseSnapshotDiskspec): Fix off-by-3 memmove
that would corrupt heap when parsing escaped --diskspec comma.
Bug introduced via commit v0.9.4-260-g35d52b5.
---
 tools/virsh.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/virsh.c b/tools/virsh.c
index 1207ac9..dd9292a 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -16107,7 +16107,7 @@ vshParseSnapshotDiskspec(vshControl *ctl, virBufferPtr buf, const char *str)
     while ((tmp = strchr(tmp, ','))) {
         if (tmp[1] == ',') {
             /* Recognize ,, as an escape for a literal comma */
-            memmove(&tmp[1], &tmp[2], len - (tmp - spec) + 2);
+            memmove(&tmp[1], &tmp[2], len - (tmp - spec) - 2 + 1);
             len--;
             tmp++;
             continue;
--
1.7.10.1.457.g8275905




More information about the libvir-list mailing list