Re: [libvirt] [PATCH 3/4] util: reset the counters to zero

On 02/09/2017 09:13 AM, Marc Hartmayer wrote:
After freeing the data structures we have to reset the counters to
zero. This fixes a segmentation fault when virNetDevIPInfoClear is
called twice (e.g. this is possible in virDomainNetDefParseXML() if
virDomainNetIPInfoParseXML(...) fails with ret < 0 (this leads to the
first call of 'virNetDevIPInfoClear(&def->guestIP)') and the resulting
call of virDomainNetDefFree(def) in the error path of
virDomainNetDefParseXML() (this leads to the second call of
virNetDevIPInfoClear(&def->guestIP), and finally to the segmentation

ACK, and I take full responsibility for introducing the bug :-/

(This shows the danger of believing that merely moving a chunk of code into a subordinate function that's called in place of the original code won't lead to a regression; previously it wasn't possible to call it twice on the same object, but now it is)

Signed-off-by: Marc Hartmayer <mhartmay linux vnet ibm com>
Reviewed-by: Boris Fiuczynski <fiuczy linux vnet ibm com>
Reviewed-by: Bjoern Walk <bwalk linux vnet ibm com>
  src/util/virnetdevip.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/src/util/virnetdevip.c b/src/util/virnetdevip.c
index d159760..42fbba1 100644
--- a/src/util/virnetdevip.c
+++ b/src/util/virnetdevip.c
@@ -882,10 +882,12 @@ virNetDevIPInfoClear(virNetDevIPInfoPtr ip)
      for (i = 0; i < ip->nips; i++)
+    ip->nips = 0;
for (i = 0; i < ip->nroutes; i++)
+    ip->nroutes = 0;
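Review bot: the resets at `ip->nips = 0;` and `ip->nroutes = 0;` protect only the two `for` loops, so a second virNetDevIPInfoClear() on the same object is safe only if the arrays those loops walk are also left NULL once freed. The lines shown here do not include the frees, so please confirm that, and that each reset sits after its loop and its array free rather than directly under the `for` header as the loop body. A short comment above the function stating that it may be called more than once on the same object, plus a test for the virDomainNetDefParseXML() failure path described in the commit message, would keep the double call from regressing again.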

