If the code jumps to the cleanup before assigning a value to the xml pointer,
libvirtd may crash when trying to free an uninitialized pointer.
backtrace:
0 0x00007ffff428d59c in free () from /lib64/libc.so.6
1 0x00007ffff721314a in virFree (ptrptr=ptrptr@entry=0x7fffc67f1b00) at util/viralloc.c:582
2 0x00007ffff7345ac4 in virDomainConfNWFilterInstantiate (vmname=<optimized out>,
vmuuid=vmuuid@entry=0x7fffc0181ca8 "߉\237\\۔H\262\206z\340\302f\265\233z", net=<optimized out>,
ignoreExists=ignoreExists@entry=true) at conf/domain_nwfilter.c:122
3 0x00007fffca5a77f6 in qemuProcessFiltersInstantiate (ignoreExists=true, def=0x7fffc0181ca0) at qemu/qemu_process.c:3028
4 qemuProcessReconnect (opaque=<optimized out>) at qemu/qemu_process.c:7653
5 0x00007ffff72c4895 in virThreadHelper (data=<optimized out>) at util/virthread.c:206
6 0x00007ffff45dcdd5 in start_thread () from /lib64/libpthread.so.0
7 0x00007ffff4305ead in clone () from /lib64/libc.so.6
Signed-off-by: Luyao Huang <lhuang@redhat.com>
---
src/conf/domain_nwfilter.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conf/domain_nwfilter.c b/src/conf/domain_nwfilter.c
index 948b324..24b5f42 100644
--- a/src/conf/domain_nwfilter.c
+++ b/src/conf/domain_nwfilter.c
@@ -90,7 +90,7 @@ virDomainConfNWFilterInstantiate(const char *vmname,
virConnectPtr conn = virGetConnectNWFilter();
virNWFilterBindingDefPtr def = NULL;
virNWFilterBindingPtr binding = NULL;
- char *xml;
+ char *xml = NULL;
int ret = -1;
VIR_DEBUG("vmname=%s portdev=%s filter=%s ignoreExists=%d",
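Review bot: the commit message does not say which early jump to cleanup runs before `xml` is assigned, and the changed `char *xml` declaration alone does not show it. The backtrace only shows the `virFree` call at conf/domain_nwfilter.c:122, so a reader cannot judge from this hunk how reachable the crash is; naming the failing call in the message would help anyone backporting the fix. The `= NULL` initializer itself is right and matches `def` and `binding` just above it, which were already initialized. It is also worth checking that the build enables -Wmaybe-uninitialized (or an equivalent static check) for this file, so that the next local freed in a cleanup label without an initializer is caught at compile time rather than in a libvirtd crash.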
--
1.8.3.1
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On 07/05/2018 06:34 AM, Luyao Huang wrote:
> If the code jump to the cleanup before assagin value to xml pointer, > libvirtd may get crashed when try to free an uninitialized pointer. > > backtrace: > > 0 0x00007ffff428d59c in free () from /lib64/libc.so.6 > 1 0x00007ffff721314a in virFree (ptrptr=ptrptr@entry=0x7fffc67f1b00) at util/viralloc.c:582 > 2 0x00007ffff7345ac4 in virDomainConfNWFilterInstantiate (vmname=<optimized out>, > vmuuid=vmuuid@entry=0x7fffc0181ca8 "߉\237\\۔H\262\206z\340\302f\265\233z", net=<optimized out>, > ignoreExists=ignoreExists@entry=true) at conf/domain_nwfilter.c:122 > 3 0x00007fffca5a77f6 in qemuProcessFiltersInstantiate (ignoreExists=true, def=0x7fffc0181ca0) at qemu/qemu_process.c:3028 > 4 qemuProcessReconnect (opaque=<optimized out>) at qemu/qemu_process.c:7653 > 5 0x00007ffff72c4895 in virThreadHelper (data=<optimized out>) at util/virthread.c:206 > 6 0x00007ffff45dcdd5 in start_thread () from /lib64/libpthread.so.0 > 7 0x00007ffff4305ead in clone () from /lib64/libc.so.6 > > Signed-off-by: Luyao Huang <lhuang@redhat.com> > --- > src/conf/domain_nwfilter.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/conf/domain_nwfilter.c b/src/conf/domain_nwfilter.c > index 948b324..24b5f42 100644 > --- a/src/conf/domain_nwfilter.c > +++ b/src/conf/domain_nwfilter.c > @@ -90,7 +90,7 @@ virDomainConfNWFilterInstantiate(const char *vmname, > virConnectPtr conn = virGetConnectNWFilter(); > virNWFilterBindingDefPtr def = NULL; > virNWFilterBindingPtr binding = NULL; > - char *xml; > + char *xml = NULL; > int ret = -1; > > VIR_DEBUG("vmname=%s portdev=%s filter=%s ignoreExists=%d", >
Slightly reworked the commit message, ACKed and pushed.
Michal
Thanks for your quick review! :)
Have a nice day!
Luyao
----- Original Message -----
From: "Michal Prívozník" <mprivozn@redhat.com>
To: "Luyao Huang" <lhuang@redhat.com>, libvir-list@redhat.com
Sent: Thursday, July 5, 2018 5:11:41 PM
Subject: Re: [libvirt] [PATCH] conf: initialize character pointer xml value to avoid random crash
On 07/05/2018 06:34 AM, Luyao Huang wrote:
> If the code jump to the cleanup before assagin value to xml pointer, > libvirtd may get crashed when try to free an uninitialized pointer. > > backtrace: > > 0 0x00007ffff428d59c in free () from /lib64/libc.so.6 > 1 0x00007ffff721314a in virFree (ptrptr=ptrptr@entry=0x7fffc67f1b00) at util/viralloc.c:582 > 2 0x00007ffff7345ac4 in virDomainConfNWFilterInstantiate (vmname=<optimized out>, > vmuuid=vmuuid@entry=0x7fffc0181ca8 "߉\237\\۔H\262\206z\340\302f\265\233z", net=<optimized out>, > ignoreExists=ignoreExists@entry=true) at conf/domain_nwfilter.c:122 > 3 0x00007fffca5a77f6 in qemuProcessFiltersInstantiate (ignoreExists=true, def=0x7fffc0181ca0) at qemu/qemu_process.c:3028 > 4 qemuProcessReconnect (opaque=<optimized out>) at qemu/qemu_process.c:7653 > 5 0x00007ffff72c4895 in virThreadHelper (data=<optimized out>) at util/virthread.c:206 > 6 0x00007ffff45dcdd5 in start_thread () from /lib64/libpthread.so.0 > 7 0x00007ffff4305ead in clone () from /lib64/libc.so.6 > > Signed-off-by: Luyao Huang <lhuang@redhat.com> > --- > src/conf/domain_nwfilter.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/conf/domain_nwfilter.c b/src/conf/domain_nwfilter.c > index 948b324..24b5f42 100644 > --- a/src/conf/domain_nwfilter.c > +++ b/src/conf/domain_nwfilter.c
> @@ -90,7 +90,7 @@ virDomainConfNWFilterInstantiate(const char *vmname, > virConnectPtr conn = virGetConnectNWFilter(); > virNWFilterBindingDefPtr def = NULL; > virNWFilterBindingPtr binding = NULL; > - char *xml; > + char *xml = NULL; > int ret = -1; > > VIR_DEBUG("vmname=%s portdev=%s filter=%s ignoreExists=%d", > Slightly reworked the commit message, ACKed and pushed. Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list