[libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags
Alex Jia
ajia at redhat.com
Fri Aug 9 03:05:15 UTC 2013
Martin, I pushed this now.
--
Regards,
Alex
----- Original Message -----
From: "Martin Kletzander" <mkletzan at redhat.com>
To: "Alex Jia" <ajia at redhat.com>
Cc: libvir-list at redhat.com
Sent: Thursday, August 8, 2013 8:09:57 PM
Subject: Re: [libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags
On 08/08/2013 10:48 AM, Alex Jia wrote:
> Valgrind detects a memory error:
>
> ==16759== 1 errors in context 1 of 8:
> ==16759== Invalid free() / delete / delete[] / realloc()
> ==16759== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==16759== by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
> ==16759== by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
> ==16759== by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
> ==16759== by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
> ==16759== by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
> ==16759== by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
> ==16759== by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
> ==16759== by 0x13127A: cmdStart (virsh-domain.c:3376)
> ==16759== by 0x12BF83: vshCommandRun (virsh.c:1751)
> ==16759== by 0x126FFB: main (virsh.c:3205)
> ==16759== Address 0xe1394a0 is not stack'd, malloc'd or (recently) free'd
>
> ==16759== 1 errors in context 2 of 8:
> ==16759== Conditional jump or move depends on uninitialised value(s)
> ==16759== at 0x4A07477: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==16759== by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
> ==16759== by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
> ==16759== by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
> ==16759== by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
> ==16759== by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
> ==16759== by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
> ==16759== by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
> ==16759== by 0x13127A: cmdStart (virsh-domain.c:3376)
> ==16759== by 0x12BF83: vshCommandRun (virsh.c:1751)
> ==16759== by 0x126FFB: main (virsh.c:3205)
> ==16759== Uninitialised value was created by a stack allocation
> ==16759== at 0x4D7F120: remoteDomainCreateWithFlags (remote_driver.c:2423)
>
> How to reproduce?
>
> # virsh start <domain> --paused
>
> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=994855
>
>
> Signed-off-by: Alex Jia <ajia at redhat.com>
> ---
> src/remote/remote_driver.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index f828eef..71d0034 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c
> @@ -2431,6 +2431,7 @@ remoteDomainCreateWithFlags(virDomainPtr dom, unsigned int flags)
> make_nonnull_domain(&args.dom, dom);
> args.flags = flags;
>
> + memset(&ret, 0, sizeof(ret));
> if (call(dom->conn, priv, 0, REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS,
> (xdrproc_t)xdr_remote_domain_create_with_flags_args, (char *)&args,
> (xdrproc_t)xdr_remote_domain_create_with_flags_ret, (char *)&ret) == -1) {
>
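Review bot: The memset is the right minimal fix, and the two valgrind contexts explain why: when call() returns -1 the reply was never decoded, yet remoteDomainCreateWithFlags still reaches xdr_free at remote_driver.c:2441, which walks xdr_remote_nonnull_domain/xdr_remote_nonnull_string and hands the string pointer inside ret.dom to free() while it still holds the uninitialised stack contents allocated at line 2423 ("Invalid free()" plus "Conditional jump ... uninitialised value"). Two things are worth tightening: the commit message should state this cause rather than only the valgrind symptom, and the zeroing could sit on the declaration of ret (`remote_domain_create_with_flags_ret ret = { 0 };`) so that no early return or goto added later between the declaration and call() can reopen the same path. Since the goal is only to make the error-path xdr_free see NULL pointers, either form is equivalent.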
ACK.
I wonder whether we could de-duplicate this since all similar functions
call this, but call() doesn't know the structure size :(
Martin