The XM driver's implementation of the 'detach device' command is causing memory corruption, but passing the wrong size information to memmove() by passing number of elements to move, instead of amount of memory to move. This patch fixes it Daniel diff -rup libvirt-0.6.2.orig/src/xm_internal.c libvirt-0.6.2.new/src/xm_internal.c --- libvirt-0.6.2.orig/src/xm_internal.c 2009-04-03 15:04:28.000000000 +0100 +++ libvirt-0.6.2.new/src/xm_internal.c 2009-04-23 10:53:10.000000000 +0100 @@ -2912,7 +2912,8 @@ xenXMDomainDetachDevice(virDomainPtr dom if (i < (def->ndisks - 1)) memmove(def->disks + i, def->disks + i + 1, - def->ndisks - (i + 1)); + sizeof(*def->disks) * + (def->ndisks - (i + 1))); break; } } @@ -2929,7 +2930,8 @@ xenXMDomainDetachDevice(virDomainPtr dom if (i < (def->nnets - 1)) memmove(def->nets + i, def->nets + i + 1, - def->nnets - (i + 1)); + sizeof(*def->nets) * + (def->nnets - (i + 1))); break; } } -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|