Re: [Libvirt-cim] [PATCH 8/8] xmlgen: Avoid double-free
"Eduardo Lima (Etrunko)" <eblima(a)linux.vnet.ibm.com>
Sent by: libvirt-cim-bounces(a)redhat.com
11/03/2011 10:48 AM
Please respond to
List for discussion and development of libvirt CIM
<libvirt-cim(a)redhat.com>
To
libvirt-cim(a)redhat.com
cc
"Eduardo Lima \(Etrunko\)" <eblima(a)br.ibm.com>
Subject
[Libvirt-cim] [PATCH 8/8] xmlgen: Avoid double-free
From: Eduardo Lima (Etrunko) <eblima(a)br.ibm.com>
As revealed by Coverity scan report:
https://bugzilla.redhat.com/show_bug.cgi?id=728245#c8
https://bugzilla.redhat.com/attachment.cgi?id=530435
Error: USE_AFTER_FREE:
xmlgen.c:1271: freed_arg: "free" frees "string".
xmlgen.c:1317: double_free: Calling "free" frees pointer "string"
which
has
already been freed.
Error: USE_AFTER_FREE:
xmlgen.c:1288: freed_arg: "free" frees "string".
xmlgen.c:1317: double_free: Calling "free" frees pointer "string"
which
has
already been freed.
Signed-off-by: Eduardo Lima (Etrunko) <eblima(a)br.ibm.com>
---
libxkutil/xmlgen.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/libxkutil/xmlgen.c b/libxkutil/xmlgen.c
index ee20895..4cca75b 100644
--- a/libxkutil/xmlgen.c
+++ b/libxkutil/xmlgen.c
@@ -1292,6 +1292,7 @@ static const char *storage_vol_xml(xmlNodePtr root,
goto out;
free(string);
+ string = NULL;
shouldn't you be removing the free?
if (vol->cap_units != NULL) {
xmlAttrPtr tmp = NULL;
@@ -1309,6 +1310,7 @@ static const char *storage_vol_xml(xmlNodePtr root,
goto out;
free(string);
+ string = NULL;
same here.
-Sharad
if (vol->cap_units != NULL) {
xmlAttrPtr tmp = NULL;
--
1.7.4.4
_______________________________________________
Libvirt-cim mailing list
Libvirt-cim(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-cim