[libvirt] [PATCH] qemu: Fix double free of returned JSON array in qemuAgentGetVCPUs()

Daniel P. Berrange berrange at redhat.com
Tue Jul 16 13:52:44 UTC 2013


On Tue, Jul 16, 2013 at 03:47:10PM +0200, Peter Krempa wrote:
> A part of the returned monitor response was freed twice and caused
> crashes of the daemon when using guest agent cpu count retrieval.
> 
>  # virsh vcpucount dom --guest
> 
> Introduced in v1.0.6-48-gc6afcb0
> ---
>  src/qemu/qemu_agent.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
> index aca5ff3..72bf211 100644
> --- a/src/qemu/qemu_agent.c
> +++ b/src/qemu/qemu_agent.c
> @@ -1529,7 +1529,6 @@ qemuAgentGetVCPUs(qemuAgentPtr mon,
>  cleanup:
>      virJSONValueFree(cmd);
>      virJSONValueFree(reply);
> -    virJSONValueFree(data);
>      return ret;
>  }
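Review bot: with `virJSONValueFree(data)` dropped from `cleanup:`, correctness now depends on `data` being a pointer borrowed from `reply` (released by the `virJSONValueFree(reply)` that remains above the removed line) rather than a value the function allocated on its own, but the hunk's context does not show where `data` is assigned, so please confirm that every path reaching `cleanup` sets `data` only to a sub-object owned by `reply`; otherwise the change trades the double free for a leak. A short ownership comment at the assignment, or a sentence in the commit message saying that `data` is owned by `reply`, would make that invariant visible to the next reader of this function.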

This is a strong indication that we need test coverage for the QEMU agent
APIs. I think you could easily add a tests/qemuagenttest.c file by copying
the existing qemumonitorjsontest.c & s/Monitor/Agent/, and thus get test
coverage of this flaw.


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
