"Eduardo Lima (Etrunko)" <eblima@linux.vnet.ibm.com> Sent by: libvirt-cim-bounces@redhat.com
11/03/2011 10:48 AM
Please respond to List for discussion and development of libvirt CIM <libvirt-cim@redhat.com>
To
libvirt-cim@redhat.com
cc
"Eduardo Lima \(Etrunko\)" <eblima@br.ibm.com>
Subject
[Libvirt-cim] [PATCH 8/8] xmlgen: Avoid double-free
From: Eduardo Lima (Etrunko) <eblima@br.ibm.com>
As revealed by Coverity scan report:
https://bugzilla.redhat.com/show_bug.cgi?id=728245#c8 https://bugzilla.redhat.com/attachment.cgi?id=530435
Error: USE_AFTER_FREE: xmlgen.c:1271: freed_arg: "free" frees "string". xmlgen.c:1317: double_free: Calling "free" frees pointer "string" which has already been freed.
Error: USE_AFTER_FREE: xmlgen.c:1288: freed_arg: "free" frees "string". xmlgen.c:1317: double_free: Calling "free" frees pointer "string" which has already been freed.
Signed-off-by: Eduardo Lima (Etrunko) <eblima@br.ibm.com> --- libxkutil/xmlgen.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/libxkutil/xmlgen.c b/libxkutil/xmlgen.c index ee20895..4cca75b 100644 --- a/libxkutil/xmlgen.c +++ b/libxkutil/xmlgen.c @@ -1292,6 +1292,7 @@ static const char *storage_vol_xml(xmlNodePtr root, goto out;
free(string); + string = NULL;
shouldn't you be removing the free?
if (vol->cap_units != NULL) { xmlAttrPtr tmp = NULL; @@ -1309,6 +1310,7 @@ static const char *storage_vol_xml(xmlNodePtr root, goto out;
free(string); + string = NULL;
same here. -Sharad
if (vol->cap_units != NULL) { xmlAttrPtr tmp = NULL; -- 1.7.4.4
_______________________________________________ Libvirt-cim mailing list Libvirt-cim@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-cim