Re: [libvirt] [PATCH v2] Set the number of elements 0 in virNetwork*Clear

Decrementing it when it was already 0 causes an invalid free in virNetworkDefUpdateDNSHost if virNetworkDNSHostDefParseXML fails and virNetworkDNSHostDefClear gets called twice. virNetworkForwardDefClear left the number untouched even if it freed all the elements. --- src/conf/network_conf.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c index d616e12..490b04d 100644 --- a/src/conf/network_conf.c +++ b/src/conf/network_conf.c @@ -134,8 +134,8 @@ virNetworkIpDefClear(virNetworkIpDefPtr def) VIR_FREE(def->family); VIR_FREE(def->ranges); - while (def->nhosts--) - virNetworkDHCPHostDefClear(&def->hosts[def->nhosts]); + while (def->nhosts) + virNetworkDHCPHostDefClear(&def->hosts[--def->nhosts]); VIR_FREE(def->hosts); VIR_FREE(def->tftproot); @@ -158,8 +158,8 @@ virNetworkDNSTxtDefClear(virNetworkDNSTxtDefPtr def) static void virNetworkDNSHostDefClear(virNetworkDNSHostDefPtr def) { - while (def->nnames--) - VIR_FREE(def->names[def->nnames]); + while (def->nnames) + VIR_FREE(def->names[--def->nnames]); VIR_FREE(def->names); } @@ -176,18 +176,18 @@ static void virNetworkDNSDefClear(virNetworkDNSDefPtr def) { if (def->txts) { - while (def->ntxts--) - virNetworkDNSTxtDefClear(&def->txts[def->ntxts]); + while (def->ntxts) + virNetworkDNSTxtDefClear(&def->txts[--def->ntxts]); VIR_FREE(def->txts); } if (def->hosts) { - while (def->nhosts--) - virNetworkDNSHostDefClear(&def->hosts[def->nhosts]); + while (def->nhosts) + virNetworkDNSHostDefClear(&def->hosts[--def->nhosts]); VIR_FREE(def->hosts); } if (def->srvs) { - while (def->nsrvs--) - virNetworkDNSSrvDefClear(&def->srvs[def->nsrvs]); + while (def->nsrvs) + virNetworkDNSSrvDefClear(&def->srvs[--def->nsrvs]); VIR_FREE(def->srvs); } } @@ -206,6 +206,7 @@ virNetworkForwardDefClear(virNetworkForwardDefPtr def) virNetworkForwardIfDefClear(&def->ifs[i]); } VIR_FREE(def->ifs); + def->nifs = def->npfs = 0; } void