[libvirt] [libvirt-sandbox][PATCH] Avoid segfault in gvir_sandbox_config_add_host_include_file

Daniel P. Berrange berrange at redhat.com
Fri Mar 22 10:45:41 UTC 2013 

On Fri, Mar 22, 2013 at 05:38:23PM +0800, Alex Jia wrote:
> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=924574
> 
> Valgrind defects memory error:
> 
> ==19297== Invalid free() / delete / delete[] / realloc()
> ==19297==    at 0x4A077A6: free (vg_replace_malloc.c:446)
> ==19297==    by 0x350F24D79E: g_free (in /usr/lib64/libglib-2.0.so.0.3400.2)
> ==19297==    by 0x4C2C03F: gvir_sandbox_config_add_host_include_file (libvirt-sandbox-config.c:1319)
> ==19297==    by 0x401FB7: main (virt-sandbox.c:171)
> ==19297==  Address 0x4f2094c is 12 bytes inside a block of size 18 alloc'd
> ==19297==    at 0x4A0883C: malloc (vg_replace_malloc.c:270)
> ==19297==    by 0x350F24D68E: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2)
> ==19297==    by 0x350F263F0B: g_strdup (in /usr/lib64/libglib-2.0.so.0.3400.2)
> ==19297==    by 0x4C2BF95: gvir_sandbox_config_add_host_include_file (libvirt-sandbox-config.c:1292)
> ==19297==    by 0x401FB7: main (virt-sandbox.c:171)
> 
> 
> Signed-off-by: Alex Jia <ajia at redhat.com>
> ---
>  libvirt-sandbox/libvirt-sandbox-config.c |    5 +++--
>  1 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/libvirt-sandbox/libvirt-sandbox-config.c b/libvirt-sandbox/libvirt-sandbox-config.c
> index 665a9fb..135eef1 100644
> --- a/libvirt-sandbox/libvirt-sandbox-config.c
> +++ b/libvirt-sandbox/libvirt-sandbox-config.c
> @@ -1285,6 +1285,7 @@ gboolean gvir_sandbox_config_add_host_include_file(GVirSandboxConfig *config,
>                                                   error))) {
>          const gchar *host;
>          gchar *guest;
> +        const gchar *relguest;
>          GVirSandboxConfigMount *mnt = NULL;
>          GList *mnts = NULL;
>          gchar *tmp;
> @@ -1302,7 +1303,7 @@ gboolean gvir_sandbox_config_add_host_include_file(GVirSandboxConfig *config,
>              mnt = GVIR_SANDBOX_CONFIG_MOUNT(mnts->data);
>              const gchar *target = gvir_sandbox_config_mount_get_target(mnt);
>              if (g_str_has_prefix(guest, target)) {
> -                guest = guest + strlen(target);
> +                relguest = guest + strlen(target);
>                  break;
>              }

I think you need to have

    } else {
      relguest = guest;
    }


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the libvir-list mailing list