From nobody Mon Feb 9 21:37:02 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.39 as permitted sender) client-ip=209.132.183.39; envelope-from=libvir-list-bounces@redhat.com; helo=mx6-phx2.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.39 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx6-phx2.redhat.com (mx6-phx2.redhat.com [209.132.183.39]) by mx.zohomail.com with SMTPS id 1486649898416832.7409139705106; Thu, 9 Feb 2017 06:18:18 -0800 (PST) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by mx6-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v19EEHvc041850; Thu, 9 Feb 2017 09:14:17 -0500 Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v19EE2xq019280 for ; Thu, 9 Feb 2017 09:14:02 -0500 Received: from mx1.redhat.com (ext-mx04.extmail.prod.ext.phx2.redhat.com [10.5.110.28]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v19EE2WM019147 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Thu, 9 Feb 2017 09:14:02 -0500 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8083A8048B for ; Thu, 9 Feb 2017 14:14:01 +0000 (UTC) Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id v19EDuaR018864 for ; Thu, 9 Feb 2017 09:14:00 -0500 Received: from e06smtp07.uk.ibm.com (e06smtp07.uk.ibm.com [195.75.94.103]) by mx0a-001b2d01.pphosted.com with ESMTP id 28gqghpm0q-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Thu, 09 Feb 2017 09:13:59 -0500 Received: from localhost by e06smtp07.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 9 Feb 2017 14:13:55 -0000 Received: from d06dlp03.portsmouth.uk.ibm.com (9.149.20.15) by e06smtp07.uk.ibm.com (192.168.101.137) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Thu, 9 Feb 2017 14:13:54 -0000 Received: from b06cxnps4074.portsmouth.uk.ibm.com (d06relay11.portsmouth.uk.ibm.com [9.149.109.196]) by d06dlp03.portsmouth.uk.ibm.com (Postfix) with ESMTP id 621701B08023 for ; Thu, 9 Feb 2017 14:16:47 +0000 (GMT) Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58]) by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id v19EDrlC9109830; Thu, 9 Feb 2017 14:13:53 GMT Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 867634C052; Thu, 9 Feb 2017 14:13:45 +0000 (GMT) Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 7083B4C044; Thu, 9 Feb 2017 14:13:45 +0000 (GMT) Received: from marc-ibm.boeblingen.de.ibm.com (unknown [9.152.224.51]) by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 9 Feb 2017 14:13:45 +0000 (GMT) From: Marc Hartmayer To: Libvirt Mailing List Date: Thu, 9 Feb 2017 15:13:38 +0100 In-Reply-To: <20170209141338.30024-1-mhartmay@linux.vnet.ibm.com> References: <20170209141338.30024-1-mhartmay@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 X-Content-Scanned: Fidelis XPS MAILER x-cbid: 17020914-0028-0000-0000-000002A76523 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17020914-0029-0000-0000-000022523A38 Message-Id: <20170209141338.30024-5-mhartmay@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-02-09_09:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=2 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000 definitions=main-1702090128 X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 200 matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Thu, 09 Feb 2017 14:14:01 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Thu, 09 Feb 2017 14:14:01 +0000 (UTC) for IP:'148.163.156.1' DOMAIN:'mx0a-001b2d01.pphosted.com' HELO:'mx0a-001b2d01.pphosted.com' FROM:'mhartmay@linux.vnet.ibm.com' RCPT:'' X-RedHat-Spam-Score: -1.787 (BAYES_50, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2) 148.163.156.1 mx0a-001b2d01.pphosted.com 148.163.156.1 mx0a-001b2d01.pphosted.com X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 X-Scanned-By: MIMEDefang 2.78 on 10.5.110.28 X-loop: libvir-list@redhat.com Cc: Marc Hartmayer Subject: [libvirt] [PATCH 4/4] rpc: Fix potentially segfaults X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" We have to allocate first and if, and only if, it was successful we can set the count. A segfault has occurred in virNetServerServiceNewPostExecRestart() when VIR_ALLOC_N(svc->socks, n) has failed, but svc->nsocsk =3D n was already set. Thus virObejectUnref(svc) was called and therefore it was possible that virNetServerServiceDispose was called =3D> segmentation fault. For safeness NULL pointer check were added in virNetServerServiceDispose(). Signed-off-by: Marc Hartmayer Reviewed-by: Boris Fiuczynski Reviewed-by: Bjoern Walk --- src/rpc/virnetserverservice.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/src/rpc/virnetserverservice.c b/src/rpc/virnetserverservice.c index 1ef0636..006d041 100644 --- a/src/rpc/virnetserverservice.c +++ b/src/rpc/virnetserverservice.c @@ -228,9 +228,9 @@ virNetServerServicePtr virNetServerServiceNewUNIX(const= char *path, svc->tls =3D virObjectRef(tls); #endif =20 - svc->nsocks =3D 1; - if (VIR_ALLOC_N(svc->socks, svc->nsocks) < 0) + if (VIR_ALLOC_N(svc->socks, 1) < 0) goto error; + svc->nsocks =3D 1; =20 if (virNetSocketNewListenUNIX(path, mask, @@ -289,9 +289,9 @@ virNetServerServicePtr virNetServerServiceNewFD(int fd, svc->tls =3D virObjectRef(tls); #endif =20 - svc->nsocks =3D 1; - if (VIR_ALLOC_N(svc->socks, svc->nsocks) < 0) + if (VIR_ALLOC_N(svc->socks, 1) < 0) goto error; + svc->nsocks =3D 1; =20 if (virNetSocketNewListenFD(fd, &svc->socks[0]) < 0) @@ -367,9 +367,9 @@ virNetServerServicePtr virNetServerServiceNewPostExecRe= start(virJSONValuePtr obj goto error; } =20 - svc->nsocks =3D n; - if (VIR_ALLOC_N(svc->socks, svc->nsocks) < 0) + if (VIR_ALLOC_N(svc->socks, n) < 0) goto error; + svc->nsocks =3D n; =20 for (i =3D 0; i < svc->nsocks; i++) { virJSONValuePtr child =3D virJSONValueArrayGet(socks, i); @@ -492,9 +492,11 @@ void virNetServerServiceDispose(void *obj) virNetServerServicePtr svc =3D obj; size_t i; =20 - for (i =3D 0; i < svc->nsocks; i++) - virObjectUnref(svc->socks[i]); - VIR_FREE(svc->socks); + if (svc->socks) { + for (i =3D 0; i < svc->nsocks; i++) + virObjectUnref(svc->socks[i]); + VIR_FREE(svc->socks); + } =20 #if WITH_GNUTLS virObjectUnref(svc->tls); --=20 2.5.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list