
On 03/12/2014 05:26 PM, Jim Fehlig wrote:
Commit 6b306d66 converted virHostdevManager to a virObject, but missed adding a virObject field to the virHostdevManager struct. Result is memory corruption when taking a reference on an instance of the object, where atomic inc is done on the stateDir field. Later use of stateDir crashes libvirtd.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
 src/util/virhostdev.h | 2 ++
 1 file changed, 2 insertions(+)
ACK.
diff --git a/src/util/virhostdev.h b/src/util/virhostdev.h index ade7e2f..a56a2b5 100644 --- a/src/util/virhostdev.h +++ b/src/util/virhostdev.h @@ -45,6 +45,8 @@ typedef enum { typedef struct _virHostdevManager virHostdevManager; typedef virHostdevManager *virHostdevManagerPtr; struct _virHostdevManager { + virObject parent; + char *stateDir;
virPCIDeviceListPtr activePCIHostdevs;
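Review bot: In struct _virHostdevManager, `virObject parent;` has to remain the first member, because taking a reference operates on the start of the struct (the commit message describes the atomic increment landing on stateDir when that field was first); a one-line comment on the new field saying so would guard against later reordering. The diffstat shows only these 2 insertions and no added #include, so it is worth confirming that virhostdev.h already pulls in the header that defines virObject.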
--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
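A guard against the layout bug described in the commit message above, as an added example that is not part of the original message or of libvirt: `Obj`, `Manager`, `BrokenManager`, `OBJ_CHECK_LAYOUT` and the `obj_*` helpers are hypothetical stand-ins. It pairs a compile-time check that the base object is the first member with a magic-number check that refuses to bump a counter on a struct that lacks the base.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical ref-counted base standing in for virObject (not libvirt code). */
typedef struct {
    unsigned int magic;   /* set at creation, checked before every ref */
    int refs;
} Obj;
#define OBJ_MAGIC 0xCAFE0001u

/* Compile-time guard: the build fails if 'parent' is missing or not first. */
#define OBJ_CHECK_LAYOUT(type) \
    _Static_assert(offsetof(type, parent) == 0, #type ": parent must be first")

typedef struct {
    Obj parent;           /* must stay first: obj_ref() works on offset 0 */
    char *stateDir;
} Manager;
OBJ_CHECK_LAYOUT(Manager);

/* Constructed pre-fix layout; OBJ_CHECK_LAYOUT(BrokenManager) would not compile. */
typedef struct { char *stateDir; } BrokenManager;

static void obj_init(Obj *o) { o->magic = OBJ_MAGIC; o->refs = 1; }

/* Probe the would-be magic with memcpy, independent of the struct's real type. */
static int obj_is_valid(const void *p)
{
    unsigned int magic;
    if (!p) return 0;
    memcpy(&magic, p, sizeof(magic));
    return magic == OBJ_MAGIC;
}

/* Take a reference; return NULL rather than increment an unrelated field. */
static void *obj_ref(void *p)
{
    if (!obj_is_valid(p)) return NULL;
    ((Obj *)p)->refs++;
    return p;
}

int main(void)
{
    Manager m = { .stateDir = NULL };
    BrokenManager b = { .stateDir = NULL };
    obj_init(&m.parent);
    /* The valid object gains a reference; the header-less struct is rejected. */
    return (obj_ref(&m) == &m && m.parent.refs == 2 && obj_ref(&b) == NULL) ? 0 : 1;
}
```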