[libvirt] [PATCH] qemu: Fix double free of returned JSON array in qemuAgentGetVCPUs()

A part of the returned monitor response was freed twice and caused crashes of the daemon when using guest agent cpu count retrieval.

# virsh vcpucount dom --guest

Introduced in v1.0.6-48-gc6afcb0
---
src/qemu/qemu_agent.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c index aca5ff3..72bf211 100644 --- a/src/qemu/qemu_agent.c +++ b/src/qemu/qemu_agent.c @@ -1529,7 +1529,6 @@ qemuAgentGetVCPUs(qemuAgentPtr mon, cleanup: virJSONValueFree(cmd); virJSONValueFree(reply); - virJSONValueFree(data); return ret; }
--
1.8.3.2
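Review bot: the deletion in the cleanup label is correct only because `data` is a child of `reply`, so the preceding `virJSONValueFree(reply)` already releases it, but nothing in the hunk records that ownership. A comment where `data` is assigned, along the lines of `/* data is owned by reply, do not free it */`, would make the invariant visible at the point where a future change is most likely to reintroduce the free. Note also that the removed call ran after `reply` (and therefore `data`) was already gone, so any field access inside that second free touches released memory before the allocator sees the duplicate; that is why the symptom was a daemon crash rather than a clean error, and why a test that drives this path under valgrind or ASan would have caught it.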

On Tue, Jul 16, 2013 at 03:47:10PM +0200, Peter Krempa wrote:
A part of the returned monitor response was freed twice and caused crashes of the daemon when using guest agent cpu count retrieval.
# virsh vcpucount dom --guest
Introduced in v1.0.6-48-gc6afcb0
---
src/qemu/qemu_agent.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c index aca5ff3..72bf211 100644 --- a/src/qemu/qemu_agent.c +++ b/src/qemu/qemu_agent.c @@ -1529,7 +1529,6 @@ qemuAgentGetVCPUs(qemuAgentPtr mon, cleanup: virJSONValueFree(cmd); virJSONValueFree(reply); - virJSONValueFree(data); return ret; }
This is a strong indication that we need test coverage for the QEMU agent APIs. I think you could easily add a tests/qemuagenttest.c file by copying the existing qemumonitorjsontest.c & s/Monitor/Agent/, and thus get test coverage of this flaw.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

On 07/16/13 15:52, Daniel P. Berrange wrote:
On Tue, Jul 16, 2013 at 03:47:10PM +0200, Peter Krempa wrote:
A part of the returned monitor response was freed twice and caused crashes of the daemon when using guest agent cpu count retrieval.
# virsh vcpucount dom --guest
Introduced in v1.0.6-48-gc6afcb0
---
src/qemu/qemu_agent.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c index aca5ff3..72bf211 100644 --- a/src/qemu/qemu_agent.c +++ b/src/qemu/qemu_agent.c @@ -1529,7 +1529,6 @@ qemuAgentGetVCPUs(qemuAgentPtr mon, cleanup: virJSONValueFree(cmd); virJSONValueFree(reply); - virJSONValueFree(data); return ret; }
This is a strong indication that we need test coverage for the QEMU agent APIs. I think you could easily add a tests/qemuagenttest.c file by copying the existing qemumonitorjsontest.c & s/Monitor/Agent/, and thus get test coverage of this flaw.
I've pushed this patch and will try to figure out a suitable test pattern for testing agent interaction before the 1.1.1 release.
Daniel
Peter
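The ownership mistake behind this thread, as an added example that is not libvirt code and not the test Daniel asks for: a hypothetical value tree in which an object owns its children and a lookup returns a borrowed pointer, run once with the cleanup as it was before the patch (freeing the borrowed `data` after its owner `reply`) and once with the line removed. The `Value`, `valueObjectGet` and `valueFree` names are invented stand-ins for the virJSONValue calls in the hunk, the reply is constructed inline, and the release tracker exists only so the second free is counted instead of corrupting the heap, which is roughly the job a sanitizer or a qemuagenttest.c harness would do in a real build.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical value tree standing in for the agent's JSON reply: an
 * object OWNS its children; a lookup hands back a BORROWED pointer.
 * These names are invented for the example, not libvirt's virJSONValue. */
typedef struct Value Value;
struct Value {
    char *key;          /* key under the parent object, NULL at the root */
    Value **children;   /* owned by this node */
    size_t nchildren;
};

/* Demo-only release tracker: remembers every Value given to valueFree()
 * so a second free on the same node is counted, not executed. */
#define MAX_TRACKED 64
static uintptr_t g_released[MAX_TRACKED];
static size_t g_nreleased;
static int g_double_frees;

static void trackReset(void) { g_nreleased = 0; g_double_frees = 0; }

static bool trackFirstRelease(const Value *v)
{
    uintptr_t p = (uintptr_t)v;
    for (size_t i = 0; i < g_nreleased; i++) {
        if (g_released[i] == p) {
            g_double_frees++;   /* already released: refuse to touch it */
            return false;
        }
    }
    if (g_nreleased < MAX_TRACKED)
        g_released[g_nreleased++] = p;
    return true;
}

static Value *valueNewObject(const char *key)
{
    Value *v = calloc(1, sizeof(*v));
    if (!v)
        abort();
    if (key) {
        size_t n = strlen(key) + 1;
        if (!(v->key = malloc(n)))
            abort();
        memcpy(v->key, key, n);
    }
    return v;
}

/* Ownership of 'child' moves into 'parent'. */
static void valueObjectAppend(Value *parent, Value *child)
{
    Value **tmp = realloc(parent->children,
                          (parent->nchildren + 1) * sizeof(*tmp));
    if (!tmp)
        abort();
    parent->children = tmp;
    parent->children[parent->nchildren++] = child;
}

/* Borrowed reference: the result lives and dies with 'obj'. */
static Value *valueObjectGet(const Value *obj, const char *key)
{
    for (size_t i = 0; i < obj->nchildren; i++)
        if (obj->children[i]->key && strcmp(obj->children[i]->key, key) == 0)
            return obj->children[i];
    return NULL;
}

/* Recursive free: children go with their parent. */
static void valueFree(Value *v)
{
    if (!v || !trackFirstRelease(v))
        return;
    for (size_t i = 0; i < v->nchildren; i++)
        valueFree(v->children[i]);
    free(v->children);
    free(v->key);
    free(v);
}

/* Constructed stand-in for a reply whose "return" carries two vCPU entries. */
static Value *buildReply(void)
{
    Value *reply = valueNewObject(NULL);
    Value *ret = valueNewObject("return");
    valueObjectAppend(reply, ret);
    valueObjectAppend(ret, valueNewObject("vcpu0"));
    valueObjectAppend(ret, valueNewObject("vcpu1"));
    return reply;
}

/* The cleanup label before the patch (freeBorrowed = true) and after it
 * (freeBorrowed = false). Returns how many double frees were detected. */
static int runCleanup(bool freeBorrowed)
{
    trackReset();
    Value *cmd = valueNewObject(NULL);
    Value *reply = buildReply();
    Value *data = valueObjectGet(reply, "return");   /* borrowed from reply */
    printf("vcpus reported: %zu\n", data ? data->nchildren : 0);
    valueFree(cmd);
    valueFree(reply);            /* releases 'data' along with it */
    if (freeBorrowed)
        valueFree(data);         /* the line the patch removes */
    return g_double_frees;
}

int main(void)
{
    printf("before the fix: %d double free(s)\n", runCleanup(true));
    printf("after the fix:  %d double free(s)\n", runCleanup(false));
    return 0;
}
```

The check in `valueFree` happens before any field of the node is read, which is the only reason the buggy run is safe to execute here; in the real daemon the second `virJSONValueFree(data)` has no such guard, so the crash Peter describes is the expected outcome.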
participants (2): Daniel P. Berrange, Peter Krempa