[libvirt] [ruby-libvirt] Don't free more entries than we retrieved
clalancette at gmail.com
Tue Jan 7 20:38:48 UTC 2014
On Tue, Jan 7, 2014 at 3:24 PM, Guido Günther <agx at sigxcpu.org> wrote:
> The vir*List* functions return the number of fetched entries. We mustn't
> free more, otherwise we'll crash like
> #0 0xb779d424 in __kernel_vsyscall ()
> #1 0xb733981f in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
> #2 0xb733ccd3 in __GI_abort () at abort.c:90
> #3 0xb7376275 in __libc_message (do_abort=do_abort at entry=2, fmt=fmt at entry=0xb74767d0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:199
> #4 0xb7380e52 in malloc_printerr (action=<optimized out>, str=<optimized out>, ptr=0xb7087000) at malloc.c:4923
> #5 0xb7381b90 in _int_free (av=0xb74b7440 <main_arena>, p=0xb7086ff8, have_lock=0) at malloc.c:3779
> #6 0xb75c059f in ruby_xfree () from /usr/lib/libruby-1.9.1.so.1.9
> #7 0xb7076448 in ruby_libvirt_generate_list () from /usr/lib/ruby/vendor_ruby/1.9.1/i486-linux/_libvirt.so
> since we're trying to free random addresses.
Hm, this is pretty weird. At all ruby_libvirt_generate_list() call
sites, there is a line of code that precedes it that checks for r < 0.
If r is less than 0, then we generate an exception, which means that
the code that follows should never be called, and thus we should never
need this patch.
Can you explain a bit more why this patch helps, and/or give me a test
case that will cause it to fail?
More information about the libvir-list