On Sun, Sep 18, 2011 at 09:37:22AM -0500, Adam Litke wrote:
I am getting SIGABRT and SIGSEGV in libvirtd when trying to catch blockJob events.
When running under valgrind I get the following:
==19819== Thread 1:
==19819== Invalid free() / delete / delete[]
==19819== at 0x4C282ED: free (vg_replace_malloc.c:366)
==19819== by 0x4E7B48: virFree (memory.c:310)
==19819== by 0x7669C32: virDomainEventFree (domain_event.c:510)
==19819== by 0x766AFE2: virDomainEventQueueDispatch (domain_event.c:1154)
==19819== by 0x766B19D: virDomainEventStateFlush (domain_event.c:1195)
==19819== by 0x483E15: qemuDomainEventFlush (qemu_domain.c:134)
==19819== by 0x507535: virEventPollRunOnce (event_poll.c:421)
==19819== by 0x4E6D44: virEventRunDefaultImpl (event.c:247)
==19819== by 0x44813C: virNetServerRun (virnetserver.c:701)
==19819== by 0x41FECE: main (libvirtd.c:1564)
==19819== Address 0x131b0a30 is 0 bytes inside a block of size 15 free'd
==19819== at 0x4C282ED: free (vg_replace_malloc.c:366)
==19819== by 0x7FB006C: xdr_string (xdr.c:722)
==19819== by 0x43A5FD: xdr_remote_nonnull_string (remote_protocol.c:30)
==19819== by 0x442E2B: xdr_remote_domain_event_block_job_msg (remote_protocol.c:4000)
==19819== by 0x7FAF6C4: xdr_free (xdr.c:72)
==19819== by 0x431BDA: remoteRelayDomainEventBlockJob (remote.c:363)
Hum, I wonder if remoteRelayDomainEventBlockJob shouldn't strdup the
path string instead of using it directly in the
remote_domain_event_block_job_msg block. Since we now free the data
pointed to by the xdr message within remoteDispatchDomainEventSend(),
this error wasn't shown before but leads to a double free now.
BTW, it seems we don't check all allocations in the xdr code (on
purpose?); for example make_nonnull_domain() doesn't check a strdup.
Could you check the following patch?
Daniel
diff --git a/daemon/remote.c b/daemon/remote.c
index 38bbb10..1d9156c 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -356,7 +356,11 @@ static int remoteRelayDomainEventBlockJob(virConnectPtr conn
ATTRIBUTE_UNUSED,
/* build return data */
memset(&data, 0, sizeof data);
make_nonnull_domain(&data.dom, dom);
- data.path = (char*)path;
+ data.path = strdup(path);
+ if (data.path == NULL) {
+ virReportOOMError();
+ return -1;
+ }
data.type = type;
data.status = status;
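Review bot: the early `return -1` after the failed strdup leaks the string that make_nonnull_domain(&data.dom, dom), two lines above it, has just copied into data.dom (the same helper the mail notes does not check its own strdup). Either copy path before calling make_nonnull_domain() so the bail-out owns nothing yet, or release data.dom before returning; it is also worth confirming that every path that fills data reaches the xdr_free in remoteDispatchDomainEventSend(), since the new copy now relies on it for release.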
--
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/
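Daniel's diagnosis above (the message aliased a caller-owned string that the xdr free routine later released, hence the double free), modelled as an added C example that is not libvirt code: event_msg, event_msg_free and relay_block_job are hypothetical stand-ins for the xdr message, xdr_free() and the relay callback. It also shows the error path releasing what it already allocated before bailing out.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for remote_domain_event_block_job_msg. */
typedef struct {
    char *dom_name;   /* owned copy, as make_nonnull_domain() strdup's it */
    char *path;       /* must be an owned copy, not the caller's pointer */
    int type;
    int status;
} event_msg;

/* Stand-in for xdr_free(): frees every owned member, then zeroes the struct. */
static void event_msg_free(event_msg *m)
{
    free(m->dom_name);
    free(m->path);
    memset(m, 0, sizeof *m);
}

/* Builds the message from borrowed strings; 0 on success, -1 on OOM
 * with nothing allocated here leaked. */
static int relay_block_job(const char *dom_name, const char *path,
                           int type, int status, event_msg *out)
{
    memset(out, 0, sizeof *out);
    out->dom_name = strdup(dom_name);
    if (out->dom_name == NULL)
        return -1;
    out->path = strdup(path);          /* the fix: copy instead of aliasing */
    if (out->path == NULL) {
        event_msg_free(out);           /* do not leak dom_name on bail-out */
        return -1;
    }
    out->type = type;
    out->status = status;
    return 0;
}

/* Caller keeps ownership of `path`: relay it, release the message as the
 * dispatcher would, and check the caller's string is untouched. Returns 1 if OK. */
static int path_survives_dispatch(void)
{
    char path[] = "/var/lib/libvirt/images/disk.img";   /* constructed sample */
    event_msg msg;
    if (relay_block_job("guest1", path, 1, 0, &msg) != 0)
        return 0;
    int copied = msg.path != path && strcmp(msg.path, path) == 0;
    event_msg_free(&msg);             /* frees the copies, not our buffer */
    return copied && strcmp(path, "/var/lib/libvirt/images/disk.img") == 0;
}
```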