[PATCH] virdomainjob: preserveJob: memdup the cb structure instead of copying it

Michal Prívozník mprivozn at redhat.com
Thu Sep 29 12:11:49 UTC 2022


On 9/29/22 13:56, Kristina Hanicova wrote:
> In the case of the variable 'oldjob' (job structure) in
> qemuProcessReconnect(), the init function was not called and the
> cb pointer was just copied from the existing job structure in
> virDomainObjPreserveJob(). This caused the job and oldjob to
> have the same pointer, which was later freed at the end of the
> qemuProcessReconnect() function by an automatic call to
> virDomainObjClearJob().
> This caused an invalid read in case of a daemon crash, as the job
> structure was trying to read cb which had already been freed.
> 
> This patch changes the copying to g_memdup, which allocates a
> different pointer that can later be safely freed.
> 
> Signed-off-by: Kristina Hanicova <khanicov at redhat.com>
> ---
>  src/conf/virdomainjob.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 

Cleaned up the commit message a bit. Specifically, using
virDomainObjInitJob() wouldn't really help here, because job->cb and
currJob->cb would still share the same pointer after
virDomainObjPreserveJob() is called. In fact, it would lead to a memory
leak because the first thing that virDomainObjPreserveJob() does is
memset() job to 0.

Reviewed-by: Michal Privoznik <mprivozn at redhat.com>

and pushed.

Michal
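The ownership problem discussed in the thread, reduced to a self-contained C example. This is added illustration, not libvirt code: the `DomainJob`/`JobCallbacks` structs, the `preserveJob*`, `jobInit`, `jobClear` and `demo*` names are all assumptions, and `g_memdup` is stood in for by plain `malloc`+`memcpy`. The shallow-copy variant shows why both jobs end up aliasing one `cb` allocation (so the automatic clear of `job` leaves `oldjob->cb` dangling), while the memdup variant gives each job its own allocation that can be cleared independently.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for libvirt's job callback table and
 * job structure. Field and type names are assumptions for this example. */
typedef struct {
    int (*begin)(void);   /* one example callback slot */
    int tag;              /* payload so a copy can be compared by content */
} JobCallbacks;

typedef struct {
    JobCallbacks *cb;     /* heap-allocated, owned by the job that holds it */
    int active;
} DomainJob;

static int sampleBegin(void) { return 1; }

/* Initialise a job with its own heap-allocated callback table (constructed). */
static int jobInit(DomainJob *job, int tag)
{
    memset(job, 0, sizeof(*job));
    job->cb = calloc(1, sizeof(*job->cb));
    if (!job->cb)
        return -1;
    job->cb->begin = sampleBegin;
    job->cb->tag = tag;
    return 0;
}

/* Buggy variant, as described in the thread: the cb pointer is copied, so
 * currJob and oldJob alias the same allocation and clearing both frees it twice. */
static void preserveJobShallow(DomainJob *currJob, DomainJob *oldJob)
{
    memset(oldJob, 0, sizeof(*oldJob));
    oldJob->cb = currJob->cb;
    oldJob->active = currJob->active;
}

/* Fixed variant: duplicate the callback table (malloc+memcpy standing in for
 * g_memdup) so each job owns a distinct allocation. */
static int preserveJobMemdup(DomainJob *currJob, DomainJob *oldJob)
{
    memset(oldJob, 0, sizeof(*oldJob));
    oldJob->cb = malloc(sizeof(*currJob->cb));
    if (!oldJob->cb)
        return -1;
    memcpy(oldJob->cb, currJob->cb, sizeof(*currJob->cb));
    oldJob->active = currJob->active;
    return 0;
}

/* Release a job's resources; mirrors the automatic clear at function exit. */
static void jobClear(DomainJob *job)
{
    free(job->cb);
    job->cb = NULL;
    job->active = 0;
}

/* 1 when the two jobs own distinct callback tables with identical contents. */
static int cbIsIndependentCopy(const DomainJob *a, const DomainJob *b)
{
    return a->cb && b->cb && a->cb != b->cb &&
           memcmp(a->cb, b->cb, sizeof(*a->cb)) == 0;
}

/* Exercise the fixed path: clear the current job, then still use oldjob->cb.
 * Returns 0 on success, a negative code on the first failed check. */
static int demoMemdupPath(void)
{
    DomainJob job, oldjob;
    int rc;

    if (jobInit(&job, 7) < 0)
        return -1;
    job.active = 1;
    if (preserveJobMemdup(&job, &oldjob) < 0) {
        jobClear(&job);
        return -1;
    }
    if (!cbIsIndependentCopy(&job, &oldjob))
        return -2;
    jobClear(&job);   /* analogous to the automatic virDomainObjClearJob() */
    /* oldjob.cb remains a valid, separately owned allocation */
    rc = (oldjob.cb->begin() == 1 && oldjob.cb->tag == 7) ? 0 : -3;
    jobClear(&oldjob);
    return rc;
}

/* Show the aliasing of the buggy path without actually double-freeing.
 * Returns 1 when job.cb and oldjob.cb are the same pointer. */
static int demoShallowPathAliases(void)
{
    DomainJob job, oldjob;
    int aliased;

    if (jobInit(&job, 7) < 0)
        return -1;
    preserveJobShallow(&job, &oldjob);
    aliased = (job.cb == oldjob.cb);
    jobClear(&job);
    oldjob.cb = NULL;  /* now dangling; a real jobClear(&oldjob) here would double free */
    return aliased;
}

int main(void)
{
    return (demoMemdupPath() == 0 && demoShallowPathAliases() == 1) ? 0 : 1;
}
```

The check in `demoMemdupPath` is the property the fix restores: after the current job is cleared, `oldjob` can still dereference its callback table and free it later without touching memory that has already been released.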
