
On 7/4/24 11:52, Rayhan Faizel wrote:
mem_nodes[i].ndistances is written outside the loop causing an out-of-bounds write leading to heap corruption.
While we are at it, the entire cleanup portion can be removed as it can be handled in virDomainNumaFree. One instance of VIR_FREE is also removed and replaced with g_autofree.
This patch also adds a testcase which would be picked up by ASAN, if this portion regresses.
Fixes: 742494eed8dbdde8b1d05a306032334e6226beea
Signed-off-by: Rayhan Faizel <rayhan.faizel@gmail.com>
---
 src/conf/numa_conf.c | 30 ++++++-------------
 ...ance-nonexistent-sibling.x86_64-latest.err | 1 +
 .../cpu-numa-distance-nonexistent-sibling.xml | 29 ++++++++++++++++++
 tests/qemuxmlconftest.c | 1 +
 4 files changed, 40 insertions(+), 21 deletions(-)
 create mode 100644 tests/qemuxmlconfdata/cpu-numa-distance-nonexistent-sibling.x86_64-latest.err
 create mode 100644 tests/qemuxmlconfdata/cpu-numa-distance-nonexistent-sibling.xml
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal