[libvirt] [PATCH] xenconfig: avoid double free on OOM testing

Jim Fehlig posted 1 patch 6 years, 11 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20170413170741.29345-1-jfehlig@suse.com
src/xenconfig/xen_xl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
[libvirt] [PATCH] xenconfig: avoid double free on OOM testing
Posted by Jim Fehlig 6 years, 11 months ago
Fix xlconfig channel tests when OOM testing is enabled.

TEST: xlconfigtest
32) Xen XL-2-XML Format channel-unix                                  ... OK
    Test OOM for nalloc=55 ................................................*** Error in `/home/jfehlig/virt/upstream/libvirt/tests/.libs/xlconfigtest': double free or corruption (fasttop): 0x0000000000679550 ***
...
(gdb) bt
#0  0x00007ffff36875af in raise () from /lib64/libc.so.6
#1  0x00007ffff36889aa in abort () from /lib64/libc.so.6
#2  0x00007ffff36c5150 in __libc_message () from /lib64/libc.so.6
#3  0x00007ffff36cb4f6 in malloc_printerr () from /lib64/libc.so.6
#4  0x00007ffff36cbcee in _int_free () from /lib64/libc.so.6
#5  0x00007ffff782babf in virFree (ptrptr=0x7fffffffdca8) at util/viralloc.c:582
#6  0x000000000042f2f3 in xenParseXLChannel (conf=0x677350, def=0x6815b0) at xenconfig/xen_xl.c:788
#7  0x000000000042f44e in xenParseXL (conf=0x677350, caps=0x6832b0, xmlopt=0x67f6e0) at xenconfig/xen_xl.c:828
#8  0x00000000004105a3 in testCompareFormatXML (
    xlcfg=0x6811e0 "/home/jfehlig/virt/upstream/libvirt/tests/xlconfigdata/test-channel-unix.cfg",
    xml=0x681110 "/home/jfehlig/virt/upstream/libvirt/tests/xlconfigdata/test-channel-unix.xml", replaceVars=false)
    at xlconfigtest.c:152

When a channel is successfully parsed and its path and name fields
assigned from local variables, set the local variables to NULL to
prevent a double free on error.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
 src/xenconfig/xen_xl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/xenconfig/xen_xl.c b/src/xenconfig/xen_xl.c
index 43ecf4114..a5b342a86 100644
--- a/src/xenconfig/xen_xl.c
+++ b/src/xenconfig/xen_xl.c
@@ -759,8 +759,9 @@ xenParseXLChannel(virConfPtr conf, virDomainDefPtr def)
 
             if (STRPREFIX(type, "socket")) {
                 channel->source->type = VIR_DOMAIN_CHR_TYPE_UNIX;
-                channel->source->data.nix.path = path;
                 channel->source->data.nix.listen = 1;
+                channel->source->data.nix.path = path;
+                path = NULL;
             } else if (STRPREFIX(type, "pty")) {
                 channel->source->type = VIR_DOMAIN_CHR_TYPE_PTY;
                 VIR_FREE(path);
@@ -771,6 +772,7 @@ xenParseXLChannel(virConfPtr conf, virDomainDefPtr def)
             channel->deviceType = VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL;
             channel->targetType = VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_XEN;
             channel->target.name = name;
+            name = NULL;
 
             if (VIR_APPEND_ELEMENT(def->channels, def->nchannels, channel) < 0)
                 goto cleanup;
-- 
2.11.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] xenconfig: avoid double free on OOM testing
Posted by Peter Krempa 6 years, 11 months ago
On Thu, Apr 13, 2017 at 11:07:41 -0600, Jim Fehlig wrote:
> Fix xlconfig channel tests when OOM testing is enabled.
> 
> TEST: xlconfigtest
> 32) Xen XL-2-XML Format channel-unix                                  ... OK
>     Test OOM for nalloc=55 ................................................*** Error in `/home/jfehlig/virt/upstream/libvirt/tests/.libs/xlconfigtest': double free or corruption (fasttop): 0x0000000000679550 ***
> ...
> (gdb) bt
> #0  0x00007ffff36875af in raise () from /lib64/libc.so.6
> #1  0x00007ffff36889aa in abort () from /lib64/libc.so.6
> #2  0x00007ffff36c5150 in __libc_message () from /lib64/libc.so.6
> #3  0x00007ffff36cb4f6 in malloc_printerr () from /lib64/libc.so.6
> #4  0x00007ffff36cbcee in _int_free () from /lib64/libc.so.6
> #5  0x00007ffff782babf in virFree (ptrptr=0x7fffffffdca8) at util/viralloc.c:582
> #6  0x000000000042f2f3 in xenParseXLChannel (conf=0x677350, def=0x6815b0) at xenconfig/xen_xl.c:788
> #7  0x000000000042f44e in xenParseXL (conf=0x677350, caps=0x6832b0, xmlopt=0x67f6e0) at xenconfig/xen_xl.c:828
> #8  0x00000000004105a3 in testCompareFormatXML (
>     xlcfg=0x6811e0 "/home/jfehlig/virt/upstream/libvirt/tests/xlconfigdata/test-channel-unix.cfg",
>     xml=0x681110 "/home/jfehlig/virt/upstream/libvirt/tests/xlconfigdata/test-channel-unix.xml", replaceVars=false)
>     at xlconfigtest.c:152
> 
> When a channel is successfully parsed and its path and name fields
> assigned from local variables, set the local variables to NULL to
> prevent a double free on error.
> 
> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
> ---
>  src/xenconfig/xen_xl.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

ACK
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] xenconfig: avoid double free on OOM testing
Posted by Jim Fehlig 6 years, 11 months ago
Peter Krempa wrote:
> On Thu, Apr 13, 2017 at 11:07:41 -0600, Jim Fehlig wrote:
>> Fix xlconfig channel tests when OOM testing is enabled.
>>
>> TEST: xlconfigtest
>> 32) Xen XL-2-XML Format channel-unix                                  ... OK
>>     Test OOM for nalloc=55 ................................................*** Error in `/home/jfehlig/virt/upstream/libvirt/tests/.libs/xlconfigtest': double free or corruption (fasttop): 0x0000000000679550 ***
>> ...
>> (gdb) bt
>> #0  0x00007ffff36875af in raise () from /lib64/libc.so.6
>> #1  0x00007ffff36889aa in abort () from /lib64/libc.so.6
>> #2  0x00007ffff36c5150 in __libc_message () from /lib64/libc.so.6
>> #3  0x00007ffff36cb4f6 in malloc_printerr () from /lib64/libc.so.6
>> #4  0x00007ffff36cbcee in _int_free () from /lib64/libc.so.6
>> #5  0x00007ffff782babf in virFree (ptrptr=0x7fffffffdca8) at util/viralloc.c:582
>> #6  0x000000000042f2f3 in xenParseXLChannel (conf=0x677350, def=0x6815b0) at xenconfig/xen_xl.c:788
>> #7  0x000000000042f44e in xenParseXL (conf=0x677350, caps=0x6832b0, xmlopt=0x67f6e0) at xenconfig/xen_xl.c:828
>> #8  0x00000000004105a3 in testCompareFormatXML (
>>     xlcfg=0x6811e0 "/home/jfehlig/virt/upstream/libvirt/tests/xlconfigdata/test-channel-unix.cfg",
>>     xml=0x681110 "/home/jfehlig/virt/upstream/libvirt/tests/xlconfigdata/test-channel-unix.xml", replaceVars=false)
>>     at xlconfigtest.c:152
>>
>> When a channel is successfully parsed and its path and name fields
>> assigned from local variables, set the local variables to NULL to
>> prevent a double free on error.
>>
>> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
>> ---
>>  src/xenconfig/xen_xl.c | 4 +++-
>>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> ACK

Thanks, pushed now.

Regards,
Jim

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list