Re: [libvirt] [PATCH 0/9] json: Fix leak/double-free, clean up code and privatize virJSONValue
On Fri, Mar 30, 2018 at 12:59:07PM +0200, Peter Krempa wrote:
Coverity was not wrong about the usage of 'a'/'A'
modifiers for
virJSONValueObjectAddVArgs as noted in [1]. Fix the possible
leak/double-free, and add test to make sure it works as expected.
Do you have any idea how to trigger the double-free scenario ? In particular
is it something that a broken / malicious QEMU monitor / guest agent can
cause us todo. If so we'll need to request a CVE assignment for this flaw.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|