Commit 4ab0c959 fixed a memory leak in libxlDriverGetDom0MaxmemConf
but introduced a potential double free of mem_tokens

*** Error in `/usr/sbin/libvirtd': double free or corruption (out):
    0x00007fffc808cfd0 ***

Avoid double free by setting mem_tokens to NULL after calling
virStringListFree.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
 src/libxl/libxl_conf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index f5b788b50..4bab651b3 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -1623,6 +1623,7 @@ libxlDriverGetDom0MaxmemConf(libxlDriverConfigPtr cfg,
             }
         }
         virStringListFree(mem_tokens);
+        mem_tokens = NULL;
     }
 
  physmem:
-- 
2.11.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

On 02/15/2017 12:49 PM, Jim Fehlig wrote:
> Commit 4ab0c959 fixed a memory leak in libxlDriverGetDom0MaxmemConf
> but introduced a potential double free of mem_tokens
> 
> *** Error in `/usr/sbin/libvirtd': double free or corruption (out):
>     0x00007fffc808cfd0 ***
> 
> Avoid double free by setting mem_tokens to NULL after calling
> virStringListFree.
> 
> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
> ---
>  src/libxl/libxl_conf.c | 1 +
>  1 file changed, 1 insertion(+)
> 

ACK

John (face-palm)

> diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
> index f5b788b50..4bab651b3 100644
> --- a/src/libxl/libxl_conf.c
> +++ b/src/libxl/libxl_conf.c
> @@ -1623,6 +1623,7 @@ libxlDriverGetDom0MaxmemConf(libxlDriverConfigPtr cfg,
>              }
>          }
>          virStringListFree(mem_tokens);
> +        mem_tokens = NULL;
>      }
>  
>   physmem:
> 

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list