On 16.6.2014 17:21, Peter Krempa wrote:
s/leasehelper/leaseshelper/ in subject
When copying entries from the old lease file into the new array the old
code would copy the pointer of the json object into the second array
without removing it from the first. Afterwards when both arrays were
freed this might lead to a crash due to access of already freed memory.
Refactor the code to use the new array item stealing helper added to the
json code so that the entry resides just in one array.
---
src/network/leaseshelper.c | 79 +++++++++++++++++++++++++---------------------
1 file changed, 43 insertions(+), 36 deletions(-)
[..]
- /* Check whether lease has to be included or not */
- if (delete && STREQ(ip_tmp, ip))
- continue;
+ /* Move old lease to new array */
+ lease_tmp = virJSONValueArraySteal(leases_array, i);
There is a possible memory leak if the append fails. Probably move this
function after the successful append and ignore the return value.
- /* Add old lease to new array */
- if (virJSONValueArrayAppend(leases_array_new, lease_tmp) < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("failed to create json"));
- goto cleanup;
+ if (virJSONValueArrayAppend(leases_array_new, lease_tmp) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("failed to create json"));
+ goto cleanup;
+ }
+ }
}
}
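Review bot: on the added `lease_tmp = virJSONValueArraySteal(leases_array, i);` line, the stolen value belongs to neither array until virJSONValueArrayAppend() succeeds, so the `goto cleanup` in the added failure branch loses the only reference unless the cleanup path frees lease_tmp. Either free it before jumping or append first and steal only after the append has succeeded. The steal result is also passed to the append without a NULL check. Separately, if stealing element i removes it and shifts the remaining entries down, the enclosing loop (its header is not visible in this excerpt) must not advance i after a steal, or the entry that moved into slot i is skipped.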
ACK with changes
Pavel