[PATCH] Re: [Libvir] Segfault with invalid virConnectPtr

Richard W.M. Jones wrote: So a couple of things to say about this. Firstly attached is a patch which fixes the libvirt problem, by passing NULL when we find that a connection is invalid, rather than passing the known invalid connection to virLibConnError. (It also fixes the same problem with virDomainPtr and virNetworkPtr objects). Secondly I worked out why my program was passing an invalid connection pointer, and it may act as a salutary lesson for anyone writing libvirt bindings for a language which has real garbage collection (hello, Java). In the normal case I wrap objects like virConnectPtr, virDomainPtr in an OCaml object which has an attached finaliser. Thus the OCaml user doesn't need to worry about manually freeing these objects - the garbage collector will collect them when they become unreachable and the finaliser will call virConnectClose, virDomainFree, etc. as appropriate. The problem I was hitting was when a libvirt function raised an error (ie. virterror), which contains a virConnectPtr, virDomainPtr and virNetworkPtr. I was using my normal wrapping functions to attach finalisers, but that was the wrong thing to do in this case because virterror does not increment the reference counts of these objects. When my OCaml virterror exception was garbage collected, that would cause virConnectClose in this case to be called, but that closed the connection that I was still using, resulting in the main program continuing to use a closed virConnectPtr. Note that the same double-free or invalid pointer use could also happen with the domain pointer or the network pointer in the virterror. It was just my good luck that it happened to be the connection pointer that got closed first which made the error rather more obvious and easier to find. The partial solution on the OCaml side is to use a special wrapper function for the virterror objects which doesn't attach a finaliser. This is not a complete solution because an OCaml program might save the exception and use it later, after the virConnectPtr, virDomainPtr or virNetworkPtr that it contains have been freed elsewhere. So the OCaml program becomes unsafe, and we have to tell users not to save these exceptions. Unfortunately there is no good solution on the C side either: if we change virterror so it increments the reference counts then any C program which uses virterror will have to be changed. (The above is fixed in ocaml-libvirt bindings >= 0.3.2.6). Rich. -- Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/ Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 03798903