On 02/09/2017 09:13 AM, Marc Hartmayer wrote:
After freeing the data structures we have to reset the counters to
zero. This fixes a segmentation fault when virNetDevIPInfoClear is
called twice (e.g. this is possible in virDomainNetDefParseXML() if
virDomainNetIPInfoParseXML(...) fails with ret < 0 (this leads to the
first call of 'virNetDevIPInfoClear(&def->guestIP)') and the resulting
call of virDomainNetDefFree(def) in the error path of
virDomainNetDefParseXML() (this leads to the second call of
virNetDevIPInfoClear(&def->guestIP), and finally to the segmentation
fault)).

ACK, and I take full responsibility for introducing the bug :-/

(This shows the danger of believing that merely moving a chunk of code
into a subordinate function that's called in place of the original code
won't lead to a regression; previously it wasn't possible to call it
twice on the same object, but now it is)

Signed-off-by: Marc Hartmayer <mhartmay(a)linux.vnet.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy(a)linux.vnet.ibm.com>
Reviewed-by: Bjoern Walk <bwalk(a)linux.vnet.ibm.com>
---
src/util/virnetdevip.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/util/virnetdevip.c b/src/util/virnetdevip.c
index d159760..42fbba1 100644
--- a/src/util/virnetdevip.c
+++ b/src/util/virnetdevip.c
@@ -882,10 +882,12 @@ virNetDevIPInfoClear(virNetDevIPInfoPtr ip)
for (i = 0; i < ip->nips; i++)
VIR_FREE(ip->ips[i]);
VIR_FREE(ip->ips);
+ ip->nips = 0;
for (i = 0; i < ip->nroutes; i++)
virNetDevIPRouteFree(ip->routes[i]);
VIR_FREE(ip->routes);
+ ip->nroutes = 0;
}
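Review bot: The safe-to-call-twice behaviour that the added "ip->nips = 0;" and "ip->nroutes = 0;" lines establish is not documented anywhere in this hunk, so a later cleanup could drop the resets as redundant and bring back the crash the commit message describes. A short comment above virNetDevIPInfoClear(), or beside each reset, stating that the struct must be left in a state where a second call is harmless would pin that down. It would also help to add a test that drives virDomainNetDefParseXML() through the virDomainNetIPInfoParseXML() failure case, since that is the path the commit message names as reaching this function twice on &def->guestIP.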