On Mon, Aug 27, 2007 at 05:37:29PM +0900, Masayuki Sunou wrote:
> Hi
>
> xend_parse_sexp_desc() of xend_internal.c declares a variable named
> "ret" to buffer SXP.
> However, it actually uses "buf.content" not "ret" and allocates memory
> to "buf" when size of "ret" became insufficient.
> --> virBufferAdd(&buf, ...);, virBufferVSprintf(&buf, ...)
> So freeing "ret" fails, because "ret" refers to an address unlike
> "buf.contents"
> As a result, a segmentation fault occurs.
>
> This patch fixes so that xend_parse_sexp_desc() uses "buf.contents" not
> "ret".

Oh, right, that's fairly nasty, and will occur only if the size of
the XML grows over 4kB! I tried to look for other patterns like that in
the code but hopefully that's the only place where this was done.
Thanks a lot for the patch, applied and committed!

Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard       | virtualization library  http://libvirt.org/
veillard(a)redhat.com | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/  | Rpmfind RPM search engine  http://rpmfind.net/
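
The failure pattern discussed in this thread, as an added C example that is not libvirt code and not part of either message: a pointer saved before a growable buffer reallocates goes stale once the data outgrows the initial allocation. `struct gbuf`, `gbuf_add` and `build_desc` are hypothetical names, and the 4096-byte starting size is taken from the 4kB figure in the reply.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical minimal growable buffer; NOT libvirt's virBuffer. */
struct gbuf { char *content; size_t use, size; unsigned grown; };

/* Append s, moving the data to a larger allocation when it does not fit. */
static int gbuf_add(struct gbuf *b, const char *s)
{
    size_t n = strlen(s);
    if (b->use + n + 1 > b->size) {
        size_t nsize = (b->use + n + 1) * 2;
        char *p = malloc(nsize);
        if (p == NULL)
            return -1;
        memcpy(p, b->content, b->use);
        free(b->content);       /* the initial allocation is released here */
        b->content = p;
        b->size = nsize;
        b->grown++;
    }
    memcpy(b->content + b->use, s, n + 1);
    b->use += n;
    return 0;
}

/* Build `chunks` 16-byte pieces in a buffer starting at `initial` bytes.
 * *stale is set to 1 when `ret` no longer points at live memory.
 * The caller frees the returned string. */
char *build_desc(size_t initial, int chunks, int *stale)
{
    char *ret;
    if (initial == 0 || (ret = malloc(initial)) == NULL)
        return NULL;
    struct gbuf buf = { ret, 0, initial, 0 };
    ret[0] = '\0';
    for (int i = 0; i < chunks; i++) {
        if (gbuf_add(&buf, "0123456789abcdef") < 0) {
            free(buf.content);  /* error path must free the live pointer */
            return NULL;
        }
    }
    *stale = buf.grown > 0;
    /* Buggy pattern: `return ret;` or `free(ret);` here. After growth,
     * ret is dangling, so either one touches freed memory. */
    return buf.content;         /* fixed pattern: use the buffer's pointer */
}
```

Building the buggy variant with `-fsanitize=address` and an input larger than the initial size reports the invalid free at the `free(ret)` call, which is a quick way to audit other callers for the same pattern.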