Re: [libvirt] [PATCH] qemu: Fix double free of returned JSON array in qemuAgentGetVCPUs()

Tuesday, 16 July 2013

On Tue, Jul 16, 2013 at 03:47:10PM +0200, Peter Krempa wrote:
...
 A part of the returned monitor response was freed twice and caused
 crashes of the daemon when using guest agent cpu count retrieval.

  # virsh vcpucount dom --guest

 Introduced in v1.0.6-48-gc6afcb0
 ---
  src/qemu/qemu_agent.c | 1 -
  1 file changed, 1 deletion(-)

 diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
 index aca5ff3..72bf211 100644
 --- a/src/qemu/qemu_agent.c
 +++ b/src/qemu/qemu_agent.c
 @@ -1529,7 +1529,6 @@ qemuAgentGetVCPUs(qemuAgentPtr mon,
  cleanup:
      virJSONValueFree(cmd);
      virJSONValueFree(reply);
 -    virJSONValueFree(data);
      return ret;
  } 
This is a strong indication that we need test coverage for the QEMU agent
APIs. I think you could easily add a tests/qemuagenttest.c file by copying
the existing qemumonitorjsontest.c & s/Monitor/Agent/, and thus get test
coverage of this flaw.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [libvirt] [PATCH] qemu: Fix double free of returned JSON array in qemuAgentGetVCPUs()