[libvirt] [PATCH 3/4] util: reset the counters to zero

Laine Stump laine at laine.org
Thu Feb 9 19:23:38 UTC 2017


On 02/09/2017 09:13 AM, Marc Hartmayer wrote:
> After freeing the data structures we have to reset the counters to
> zero. This fixes a segmentation fault when virNetDevIPInfoClear is
> called twice (e.g. this is possible in virDomainNetDefParseXML() if
> virDomainNetIPInfoParseXML(...) fails with ret < 0 (this leads to the
> first call of 'virNetDevIPInfoClear(&def->guestIP)') and the resulting
> call of virDomainNetDefFree(def) in the error path of
> virDomainNetDefParseXML() (this leads to the second call of
> virNetDevIPInfoClear(&def->guestIP), and finally to the segmentation
> fault).

ACK, and I take full responsibility for introducing the bug :-/

(This shows the danger of believing that merely moving a chunk of code 
into a subordinate function that's called in place of the original code 
won't lead to a regression; previously it wasn't possible to call it 
twice on the same object, but now it is)

>
> Signed-off-by: Marc Hartmayer <mhartmay at linux.vnet.ibm.com>
> Reviewed-by: Boris Fiuczynski <fiuczy at linux.vnet.ibm.com>
> Reviewed-by: Bjoern Walk <bwalk at linux.vnet.ibm.com>
> ---
>   src/util/virnetdevip.c | 2 ++
>   1 file changed, 2 insertions(+)
>
> diff --git a/src/util/virnetdevip.c b/src/util/virnetdevip.c
> index d159760..42fbba1 100644
> --- a/src/util/virnetdevip.c
> +++ b/src/util/virnetdevip.c
> @@ -882,10 +882,12 @@ virNetDevIPInfoClear(virNetDevIPInfoPtr ip)
>       for (i = 0; i < ip->nips; i++)
>           VIR_FREE(ip->ips[i]);
>       VIR_FREE(ip->ips);
> +    ip->nips = 0;
>   
>       for (i = 0; i < ip->nroutes; i++)
>           virNetDevIPRouteFree(ip->routes[i]);
>       VIR_FREE(ip->routes);
> +    ip->nroutes = 0;
>   }
>   
>   





More information about the libvir-list mailing list