
On Mon, Sep 19, 2011 at 04:04:04PM +0800, Daniel Veillard wrote:
On Sun, Sep 18, 2011 at 09:37:22AM -0500, Adam Litke wrote:
Hum, I wonder if remoteRelayDomainEventBlockJob shouldn't strdup the path string instead of using it directly in the remote_domain_event_block_job_msg block. As a result since we now free the data pointed by the xdr message within remoteDispatchDomainEventSend(), this error wasn't shown before but leads to a double free now.
BTW it seems we don't check all allocations in the xdr code (on purpose?) for example make_nonnull_domain() doesn't check a strdup.
Could you check the following patch?
Yep, this seems to fix the problem (and an extra check with valgrind shows no memory leaks). Although I haven't verified it, the functions remoteRelayDomainEventIOError, remoteRelayDomainEventIOErrorReason and remoteRelayDomainEventGraphics appear to have the same problem as well.
diff --git a/daemon/remote.c b/daemon/remote.c index 38bbb10..1d9156c 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -356,7 +356,11 @@ static int remoteRelayDomainEventBlockJob(virConnectPtr conn ATTRIBUTE_UNUSED, /* build return data */ memset(&data, 0, sizeof data); make_nonnull_domain(&data.dom, dom); - data.path = (char*)path; + data.path = strdup(path); + if (data.path == NULL) { + virReportOOMError(); + return -1; + } data.type = type; data.status = status;
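Review bot: the new "return -1" on strdup() failure sits after make_nonnull_domain(&data.dom, dom) has already filled data.dom, and the thread notes that make_nonnull_domain() itself does a strdup, so this early return leaves that allocation unreleased. Either duplicate path before calling make_nonnull_domain(), or release data.dom on the error path before returning. The removed (char*)path assignment stored a caller-owned pointer in a message that is later freed as a whole, so the other relay functions named in the reply should be checked for the same borrowed-pointer pattern in the same change.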
Tested-by: Adam Litke <agl@us.ibm.com>

--
Adam Litke <agl@us.ibm.com>
IBM Linux Technology Center