[Libvirt-cim] [PATCH 8/8] xmlgen: Avoid double-free
Eduardo Lima (Etrunko)
eblima at linux.vnet.ibm.com
Fri Nov 4 11:05:12 UTC 2011
On 11/03/2011 08:31 PM, Sharad Mishra wrote:
[snip]
>> diff --git a/libxkutil/xmlgen.c b/libxkutil/xmlgen.c
>> index ee20895..4cca75b 100644
>> --- a/libxkutil/xmlgen.c
>> +++ b/libxkutil/xmlgen.c
>> @@ -1292,6 +1292,7 @@ static const char *storage_vol_xml(xmlNodePtr root,
>> goto out;
>>
>> free(string);
>> + string = NULL;
>
> shouldn't you be removing the free?
>
>>
>> if (vol->cap_units != NULL) {
>> xmlAttrPtr tmp = NULL;
>> @@ -1309,6 +1310,7 @@ static const char *storage_vol_xml(xmlNodePtr root,
>> goto out;
>>
>> free(string);
>> + string = NULL;
>
> same here.
>
My understanding is that in error cases, the code will end up calling
free(string) again in the "out" block. Thus setting the variable string
to NULL after each free() call actually protects against double free.
--
Eduardo de Barros Lima
Software Engineer, Open Virtualization
Linux Technology Center - IBM/Brazil
eblima at br.ibm.com
More information about the Libvirt-cim
mailing list