From nobody Mon Feb 9 10:50:02 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1489739388712205.80348127680588; Fri, 17 Mar 2017 01:29:48 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id CACE2437F52; Fri, 17 Mar 2017 08:29:47 +0000 (UTC) Received: from colo-mx.corp.redhat.com (unknown [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A066960F83; Fri, 17 Mar 2017 08:29:47 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 4BA274EBDC; Fri, 17 Mar 2017 08:29:47 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v2H8TjuQ001287 for ; Fri, 17 Mar 2017 04:29:45 -0400 Received: by smtp.corp.redhat.com (Postfix) id E9C4D5C887; Fri, 17 Mar 2017 08:29:45 +0000 (UTC) Received: from angien.brq.redhat.com (dhcp129-47.brq.redhat.com [10.34.129.47]) by smtp.corp.redhat.com (Postfix) with ESMTP id 457525C883; Fri, 17 Mar 2017 08:29:45 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com CACE2437F52 Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=libvir-list-bounces@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com CACE2437F52 From: Peter Krempa To: libvir-list@redhat.com Date: Fri, 17 Mar 2017 09:30:36 +0100 Message-Id: <2d2b8813b1c23c15486760e1c1e3b78e6f079ebe.1489739397.git.pkrempa@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-loop: libvir-list@redhat.com Cc: Peter Krempa Subject: [libvirt] [PATCH 1/4] qemu: Don't steal pointers from 'persistentDef' in qemuDomainGetBlockIoTune X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Fri, 17 Mar 2017 08:29:48 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" While the code path that queries the monitor allocates a separate copy of the 'group_name' string the path querying the config would not copy it. The call to virTypedParameterAssign would then steal the pointer (without clearing it) and the RPC layer freed it. Any subsequent call resulted into a crash. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=3D1433183 --- src/qemu/qemu_driver.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 2032fac71..dcd823f53 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -17707,6 +17707,11 @@ qemuDomainGetBlockIoTune(virDomainPtr dom, goto endjob; } reply =3D disk->blkdeviotune; + + /* Group name needs to be copied since qemuMonitorGetBlockIoThrott= le + * allocates it as well */ + if (VIR_STRDUP(reply.group_name, disk->blkdeviotune.group_name)) + goto endjob; } #define BLOCK_IOTUNE_ASSIGN(name, var) = \ @@ -17736,13 +17741,15 @@ qemuDomainGetBlockIoTune(virDomainPtr dom, BLOCK_IOTUNE_ASSIGN(SIZE_IOPS_SEC, size_iops_sec); - /* NB: Cannot use macro since this is a STRING not a ULLONG */ - if (*nparams < maxparams && - virTypedParameterAssign(¶ms[(*nparams)++], - VIR_DOMAIN_BLOCK_IOTUNE_GROUP_NAME, - VIR_TYPED_PARAM_STRING, - reply.group_name) < 0) - goto endjob; + if (*nparams < maxparams) { + if (virTypedParameterAssign(¶ms[(*nparams)++], + VIR_DOMAIN_BLOCK_IOTUNE_GROUP_NAME, + VIR_TYPED_PARAM_STRING, + reply.group_name) < 0) + goto endjob; + + reply.group_name =3D NULL; + } BLOCK_IOTUNE_ASSIGN(TOTAL_BYTES_SEC_MAX_LENGTH, total_bytes_sec_max_le= ngth); BLOCK_IOTUNE_ASSIGN(READ_BYTES_SEC_MAX_LENGTH, read_bytes_sec_max_leng= th); @@ -17759,6 +17766,7 @@ qemuDomainGetBlockIoTune(virDomainPtr dom, qemuDomainObjEndJob(driver, vm); cleanup: + VIR_FREE(reply.group_name); VIR_FREE(device); virDomainObjEndAPI(&vm); return ret; --=20 2.12.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list