[libvirt] [PATCH] storage: fix crash caused by no check return before set close
Michal Privoznik
mprivozn at redhat.com
Wed Dec 3 16:38:45 UTC 2014
On 03.12.2014 16:01, Luyao Huang wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1087104#c5
>
> When try to use a invalid offset do volupload, libvirt will
> get failed in virFDStreamOpenFileInternal, but seems libvirt do not
> check the return in storageVolUpload, and call virFDStreamSetInternalCloseCb
> , but stream doesn't have a privateData (is NULL), then crash.
> Although libvirt have a check for invalid offset in cmdVolUpload, but i think
> there should have some other way to touch off this crash.
>
> 0 0x00007f09429a9c10 in pthread_mutex_lock () from /lib64/libpthread.so.0
> 1 0x00007f094514dbf5 in virMutexLock (m=<optimized out>) at util/virthread.c:88
> 2 0x00007f09451cb211 in virFDStreamSetInternalCloseCb at fdstream.c:795
> 3 0x00007f092ff2c9eb in storageVolUpload at storage/storage_driver.c:2098
> 4 0x00007f09451f46e0 in virStorageVolUpload at libvirt.c:14000
> 5 0x00007f0945c78fa1 in remoteDispatchStorageVolUpload at remote_dispatch.h:14339
> 6 remoteDispatchStorageVolUploadHelper at remote_dispatch.h:14309
> 7 0x00007f094524a192 in virNetServerProgramDispatchCall at rpc/virnetserverprogram.c:437
>
> Signed-off-by: Luyao Huang <lhuang at redhat.com>
> ---
> src/storage/storage_driver.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
> index 7f33d6f..7f4de19 100644
> --- a/src/storage/storage_driver.c
> +++ b/src/storage/storage_driver.c
> @@ -2111,8 +2111,9 @@ storageVolUpload(virStorageVolPtr obj,
> goto cleanup;
> }
>
> - ret = backend->uploadVol(obj->conn, pool, vol, stream,
> - offset, length, flags);
> + if ((ret = backend->uploadVol(obj->conn, pool, vol, stream,
> + offset, length, flags)) < 0)
> + goto cleanup;
>
> /* Add cleanup callback - call after uploadVol since the stream
> * is then fully set up
>
I've updated the commit message a bit, ACKed and pushed.
Michal
More information about the libvir-list
mailing list