[PATCH 0/3] qemu: fix off-by-one memory allocation

String list was allocated without extra element.

Peter Krempa (3):
  qemuBlockBitmapsHandleCommitStart: Fix allocation of string list
  qemuBlockBitmapsHandleCommitFinish: Use proper variable to iterate
  qemublocktest: Add tests for re-enabling of bitmaps after commit

 src/qemu/qemu_block.c                      |  4 +-
 .../bitmap/snapshots-synthetic-broken.json | 18 ++++++++
 .../bitmap/snapshots-synthetic-broken.out  |  2 +
 .../snapshots-synthetic-broken-1-2         | 30 ++++++++++++
 .../snapshots-synthetic-broken-1-3         | 46 +++++++++++++++++++
 .../snapshots-synthetic-broken-1-4         | 46 +++++++++++++++++++
 .../snapshots-synthetic-broken-1-5         | 46 +++++++++++++++++++
 .../snapshots-synthetic-broken-2-3         | 46 +++++++++++++++++++
 .../snapshots-synthetic-broken-2-4         | 46 +++++++++++++++++++
 .../snapshots-synthetic-broken-2-5         | 46 +++++++++++++++++++
 10 files changed, 328 insertions(+), 2 deletions(-)

-- 
2.24.1

Allocate space also for the terminating NULL. Reported-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_block.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index cc2edff5e0..115682c39d 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -3021,7 +3021,7 @@ qemuBlockBitmapsHandleCommitStart(virStorageSourcePtr topsrc, if (!(entry = virHashLookup(blockNamedNodeData, basesrc->nodeformat))) return 0; - bitmaplist = g_new0(char *, entry->nbitmaps); + bitmaplist = g_new0(char *, entry->nbitmaps + 1); for (i = 0; i < entry->nbitmaps; i++) { qemuBlockNamedNodeDataBitmapPtr bitmap = entry->bitmaps[i]; -- 2.24.1
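Review bot: the `+ 1` in `bitmaplist = g_new0(char *, entry->nbitmaps + 1);` deserves a one-line comment saying the extra element is the NULL terminator, because the loop that follows, `for (i = 0; i < entry->nbitmaps; i++)`, only fills indices 0..nbitmaps-1 and nothing else in the hunk explains why the list needs one slot more than `nbitmaps`. Since `g_new0` zero-fills, the unused last slot is the terminator that a `while (*p)`-style walk over the list stops on; without it such a walk runs past the end of the allocation, which is the off-by-one the series title names. A test case where `entry->nbitmaps` is 0, so the list consists of the terminator alone, would also pin the boundary.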

The function repeatedly checked the first element rather than interating through the array. Reported-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_block.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 115682c39d..f95ebb6fa7 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -3177,7 +3177,7 @@ qemuBlockBitmapsHandleCommitFinish(virStorageSourcePtr topsrc, char **disabledbitmaps; for (disabledbitmaps = disabledBitmapsBase; *disabledbitmaps; disabledbitmaps++) { - if (STREQ(*disabledBitmapsBase, bitmap->name)) { + if (STREQ(*disabledbitmaps, bitmap->name)) { bitmapdata = g_new0(struct qemuBlockBitmapsHandleCommitData, 1); bitmapdata->create = false; -- 2.24.1
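Review bot: the corrected `STREQ(*disabledbitmaps, bitmap->name)` is right, but the cursor `disabledbitmaps` and the list head `disabledBitmapsBase` differ only in capitalisation, which is exactly what let the original compare the head on every pass of `for (disabledbitmaps = disabledBitmapsBase; *disabledbitmaps; disabledbitmaps++)`; a visually distinct cursor name (e.g. `next`) or an index-based loop would make a recurrence obvious in review. Before this change only a bitmap equal to the first entry of the list could reach the `bitmapdata->create = false` branch, so a regression test with at least two disabled bitmaps is needed for this fix to stay fixed, which the third patch of the series supplies.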

On a Tuesday in 2020, Peter Krempa wrote:
The function repeatedly checked the first element rather than interating
iterating
through the array.
Reported-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_block.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Jano

Some branches were not covered and thus we didn't catch that the bitmaps are not re-enabled if nothing is merged into them. Two bitmaps are necessary to reliably test the case due to hash table ordering. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- .../bitmap/snapshots-synthetic-broken.json | 18 ++++++++ .../bitmap/snapshots-synthetic-broken.out | 2 + .../snapshots-synthetic-broken-1-2 | 30 ++++++++++++ .../snapshots-synthetic-broken-1-3 | 46 +++++++++++++++++++ .../snapshots-synthetic-broken-1-4 | 46 +++++++++++++++++++ .../snapshots-synthetic-broken-1-5 | 46 +++++++++++++++++++ .../snapshots-synthetic-broken-2-3 | 46 +++++++++++++++++++ .../snapshots-synthetic-broken-2-4 | 46 +++++++++++++++++++ .../snapshots-synthetic-broken-2-5 | 46 +++++++++++++++++++ 9 files changed, 326 insertions(+) diff --git a/tests/qemublocktestdata/bitmap/snapshots-synthetic-broken.json b/tests/qemublocktestdata/bitmap/snapshots-synthetic-broken.json index bf4963494f..8cf14d4baa 100644 --- a/tests/qemublocktestdata/bitmap/snapshots-synthetic-broken.json +++ b/tests/qemublocktestdata/bitmap/snapshots-synthetic-broken.json @@ -398,6 +398,24 @@ "granularity": 65536, "count": 0 }, + { + "name": "oa", + "recording": true, + "persistent": true, + "busy": false, + "status": "active", + "granularity": 65536, + "count": 0 + }, + { + "name": "ob", + "recording": true, + "persistent": true, + "busy": false, + "status": "active", + "granularity": 65536, + "count": 0 + }, { "name": "d", "recording": true, diff --git a/tests/qemublocktestdata/bitmap/snapshots-synthetic-broken.out b/tests/qemublocktestdata/bitmap/snapshots-synthetic-broken.out index 022630bd76..ad24a580f1 100644 --- a/tests/qemublocktestdata/bitmap/snapshots-synthetic-broken.out +++ b/tests/qemublocktestdata/bitmap/snapshots-synthetic-broken.out 
@@ -3,6 +3,8 @@ libvirt-1-format: current: record:1 busy:0 persist:1 inconsist:0 gran:65536 dirty:0 libvirt-2-format: c: record:0 busy:0 persist:1 inconsist:0 gran:65536 dirty:0 + oa: record:1 busy:0 persist:1 inconsist:0 gran:65536 dirty:0 + ob: record:1 busy:0 persist:1 inconsist:0 gran:65536 dirty:0 d: record:1 busy:0 persist:1 inconsist:1 gran:65536 dirty:0 libvirt-3-format: a: record:0 busy:0 persist:1 inconsist:0 gran:65536 dirty:0 diff --git a/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-2 b/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-2 index d413fbe723..463120d442 100644 --- a/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-2 +++ b/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-2 @@ -1,4 +1,20 @@ pre job bitmap disable: +[ + { + "type": "block-dirty-bitmap-disable", + "data": { + "node": "libvirt-2-format", + "name": "oa" + } + }, + { + "type": "block-dirty-bitmap-disable", + "data": { + "node": "libvirt-2-format", + "name": "ob" + } + } +] merge bitmpas: [ { @@ -23,5 +39,19 @@ merge bitmpas: } ] } + }, + { + "type": "block-dirty-bitmap-enable", + "data": { + "node": "libvirt-2-format", + "name": "oa" + } + }, + { + "type": "block-dirty-bitmap-enable", + "data": { + "node": "libvirt-2-format", + "name": "ob" + } } ] diff --git a/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-3 b/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-3 index 6eb14f927a..fec6f95dd1 100644 --- a/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-3 +++ b/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-3 
@@ -62,5 +62,51 @@ merge bitmpas: } ] } + }, + { + "type": "block-dirty-bitmap-add", + "data": { + "node": "libvirt-3-format", + "name": "oa", + "persistent": true, + "disabled": false, + "granularity": 65536 + } + }, + { + "type": "block-dirty-bitmap-merge", + "data": { + "node": "libvirt-3-format", + "target": "oa", + "bitmaps": [ + { + "node": "libvirt-2-format", + "name": "oa" + } + ] + } + }, + { + "type": "block-dirty-bitmap-add", + "data": { + "node": "libvirt-3-format", + "name": "ob", + "persistent": true, + "disabled": false, + "granularity": 65536 + } + }, + { + "type": "block-dirty-bitmap-merge", + "data": { + "node": "libvirt-3-format", + "target": "ob", + "bitmaps": [ + { + "node": "libvirt-2-format", + "name": "ob" + } + ] + } } ] diff --git a/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-4 b/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-4 index f4d9b72576..697230f67b 100644 --- a/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-4 +++ b/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-4 @@ -69,5 +69,51 @@ merge bitmpas: } ] } + }, + { + "type": "block-dirty-bitmap-add", + "data": { + "node": "libvirt-4-format", + "name": "oa", + "persistent": true, + "disabled": false, + "granularity": 65536 + } + }, + { + "type": "block-dirty-bitmap-merge", + "data": { + "node": "libvirt-4-format", + "target": "oa", + "bitmaps": [ + { + "node": "libvirt-2-format", + "name": "oa" + } + ] + } + }, + { + "type": "block-dirty-bitmap-add", + "data": { + "node": "libvirt-4-format", + "name": "ob", + "persistent": true, + "disabled": false, + "granularity": 65536 + } + }, + { + "type": "block-dirty-bitmap-merge", + "data": { + "node": "libvirt-4-format", + "target": "ob", + "bitmaps": [ + { + "node": "libvirt-2-format", + "name": "ob" + } + ] + } } ] 
diff --git a/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-5 b/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-5 index a8e575c2d9..6bf1f0da64 100644 --- a/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-5 +++ b/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-1-5 @@ -69,5 +69,51 @@ merge bitmpas: } ] } + }, + { + "type": "block-dirty-bitmap-add", + "data": { + "node": "libvirt-5-format", + "name": "oa", + "persistent": true, + "disabled": false, + "granularity": 65536 + } + }, + { + "type": "block-dirty-bitmap-merge", + "data": { + "node": "libvirt-5-format", + "target": "oa", + "bitmaps": [ + { + "node": "libvirt-2-format", + "name": "oa" + } + ] + } + }, + { + "type": "block-dirty-bitmap-add", + "data": { + "node": "libvirt-5-format", + "name": "ob", + "persistent": true, + "disabled": false, + "granularity": 65536 + } + }, + { + "type": "block-dirty-bitmap-merge", + "data": { + "node": "libvirt-5-format", + "target": "ob", + "bitmaps": [ + { + "node": "libvirt-2-format", + "name": "ob" + } + ] + } } ] diff --git a/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-2-3 b/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-2-3 index d468e2b9d8..f202bb94b1 100644 --- a/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-2-3 +++ b/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-2-3 
@@ -39,5 +39,51 @@ merge bitmpas: } ] } + }, + { + "type": "block-dirty-bitmap-add", + "data": { + "node": "libvirt-3-format", + "name": "oa", + "persistent": true, + "disabled": false, + "granularity": 65536 + } + }, + { + "type": "block-dirty-bitmap-merge", + "data": { + "node": "libvirt-3-format", + "target": "oa", + "bitmaps": [ + { + "node": "libvirt-2-format", + "name": "oa" + } + ] + } + }, + { + "type": "block-dirty-bitmap-add", + "data": { + "node": "libvirt-3-format", + "name": "ob", + "persistent": true, + "disabled": false, + "granularity": 65536 + } + }, + { + "type": "block-dirty-bitmap-merge", + "data": { + "node": "libvirt-3-format", + "target": "ob", + "bitmaps": [ + { + "node": "libvirt-2-format", + "name": "ob" + } + ] + } } ] diff --git a/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-2-4 b/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-2-4 index 2a9986bac6..864cc9041b 100644 --- a/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-2-4 +++ b/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-2-4 @@ -46,5 +46,51 @@ merge bitmpas: } ] } + }, + { + "type": "block-dirty-bitmap-add", + "data": { + "node": "libvirt-4-format", + "name": "oa", + "persistent": true, + "disabled": false, + "granularity": 65536 + } + }, + { + "type": "block-dirty-bitmap-merge", + "data": { + "node": "libvirt-4-format", + "target": "oa", + "bitmaps": [ + { + "node": "libvirt-2-format", + "name": "oa" + } + ] + } + }, + { + "type": "block-dirty-bitmap-add", + "data": { + "node": "libvirt-4-format", + "name": "ob", + "persistent": true, + "disabled": false, + "granularity": 65536 + } + }, + { + "type": "block-dirty-bitmap-merge", + "data": { + "node": "libvirt-4-format", + "target": "ob", + "bitmaps": [ + { + "node": "libvirt-2-format", + "name": "ob" + } + ] + } } ] 
diff --git a/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-2-5 b/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-2-5 index 47d9f6e17a..4c5d8dbe80 100644 --- a/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-2-5 +++ b/tests/qemublocktestdata/bitmapblockcommit/snapshots-synthetic-broken-2-5 @@ -46,5 +46,51 @@ merge bitmpas: } ] } + }, + { + "type": "block-dirty-bitmap-add", + "data": { + "node": "libvirt-5-format", + "name": "oa", + "persistent": true, + "disabled": false, + "granularity": 65536 + } + }, + { + "type": "block-dirty-bitmap-merge", + "data": { + "node": "libvirt-5-format", + "target": "oa", + "bitmaps": [ + { + "node": "libvirt-2-format", + "name": "oa" + } + ] + } + }, + { + "type": "block-dirty-bitmap-add", + "data": { + "node": "libvirt-5-format", + "name": "ob", + "persistent": true, + "disabled": false, + "granularity": 65536 + } + }, + { + "type": "block-dirty-bitmap-merge", + "data": { + "node": "libvirt-5-format", + "target": "ob", + "bitmaps": [ + { + "node": "libvirt-2-format", + "name": "ob" + } + ] + } } ] -- 2.24.1
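Review bot: the two bitmaps `oa` and `ob` added to `libvirt-2-format` in `snapshots-synthetic-broken.json` exist, per the commit message, because the bug only shows when hash table ordering places a non-matching entry first; the expected outputs then hard-code `oa` before `ob` in the `.out` hunk and in every `bitmapblockcommit` file, so these tests depend on the hash table's iteration order and not only on the bitmap set. Either the commit message should state that the expected files encode that ordering, or the harness should emit bitmap names in sorted order, so that an unrelated change to hashing does not surface as spurious failures in nine expected files.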
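Review bot: the two `snapshots-synthetic-broken-1-2` hunks are the ones that directly cover the commit message's claim, since they show `block-dirty-bitmap-disable` for `oa` and `ob` under `pre job bitmap disable:` and the matching `block-dirty-bitmap-enable` actions after `merge bitmpas:`, i.e. the re-enable path for bitmaps nothing is merged into; the commit message should say so, because the other seven expected files only show `block-dirty-bitmap-add`/`block-dirty-bitmap-merge` pairs for the new names and a reader cannot tell from the diffstat which file is the regression test. Separately, the `merge bitmpas:` label in the context lines is a pre-existing typo in the test output format; fixing it touches every expected file, so it belongs in a follow-up rather than this patch.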
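Review bot: in the `-1-3` through `-2-5` hunks each new `block-dirty-bitmap-add` on the target node is created with `"persistent": true` and `"disabled": false` and immediately followed by a `block-dirty-bitmap-merge` pulling the same name from `libvirt-2-format`, but the expected output asserts only the action list, not the enabled/disabled state of `oa` and `ob` on `libvirt-2-format` after the commit. If the harness can print post-commit bitmap state the way the `.out` file prints the pre-commit `record:`/`busy:`/`persist:` fields, adding that would also verify the disable/enable accounting this series exists to fix.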

On a Tuesday in 2020, Peter Krempa wrote:
String list was allocated without extra element.

Peter Krempa (3):
  qemuBlockBitmapsHandleCommitStart: Fix allocation of string list
  qemuBlockBitmapsHandleCommitFinish: Use proper variable to iterate
  qemublocktest: Add tests for re-enabling of bitmaps after commit

 src/qemu/qemu_block.c                      |  4 +-
 .../bitmap/snapshots-synthetic-broken.json | 18 ++++++++
 .../bitmap/snapshots-synthetic-broken.out  |  2 +
 .../snapshots-synthetic-broken-1-2         | 30 ++++++++++++
 .../snapshots-synthetic-broken-1-3         | 46 +++++++++++++++++++
 .../snapshots-synthetic-broken-1-4         | 46 +++++++++++++++++++
 .../snapshots-synthetic-broken-1-5         | 46 +++++++++++++++++++
 .../snapshots-synthetic-broken-2-3         | 46 +++++++++++++++++++
 .../snapshots-synthetic-broken-2-4         | 46 +++++++++++++++++++
 .../snapshots-synthetic-broken-2-5         | 46 +++++++++++++++++++
 10 files changed, 328 insertions(+), 2 deletions(-)

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano

On Tue, Mar 17, 2020 at 04:05:12PM +0100, Peter Krempa wrote:
String list was allocated without extra element.

Peter Krempa (3):
  qemuBlockBitmapsHandleCommitStart: Fix allocation of string list
  qemuBlockBitmapsHandleCommitFinish: Use proper variable to iterate
  qemublocktest: Add tests for re-enabling of bitmaps after commit

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Daniel P. Berrangé <berrange@redhat.com>

This fixes the FreeBSD crashes our CI saw.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|