[PATCH] remote: fix double free of migration params on error
Martin Kletzander
mkletzan at redhat.com
Tue Jan 10 11:11:21 UTC 2023
On Tue, Jan 10, 2023 at 05:42:24AM -0500, Daniel P. Berrangé wrote:
>The remote_*_args methods will generally borrow pointers
>passed in the caller, so should not be freed.
>
>On failure of the virTypedParamsSerialize method, however,
>xdr_free was being called. This is presumably because it
>was thought that the params may have been partially
>serialized and need cleaning up. This is incorrect, as
>virTypedParamsSerialize takes care to cleanup partially
>serialized data. This xdr_free call would lead to free'ing
>the borrowed cookie pointers, which would be a double free.
>
Which are marked g_autofree in the caller, yes. Some other places even
mention that caller free()s those.
>Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
Reviewed-by: Martin Kletzander <mkletzan at redhat.com>
and SFF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20230110/c1076cd5/attachment.sig>
More information about the libvir-list
mailing list