[libvirt] [PATCH] parallels: fix libvirt crash if parallelsNetworkClose fails

If, by any reason, parallelsNetworkClose fails it dereferences newly allocated privconn->networks via virObjectUnref, which in turn deallocates its memory. Subsequent call of parallelsNetworkClose calls virObjectUnref that leads to double memory free. To prevent this we should zero privconn->networks to make all subsequent virObjectUnref be safe. Signed-off-by: Maxim Nestratov <mnestratov@parallels.com> --- src/parallels/parallels_network.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/parallels/parallels_network.c b/src/parallels/parallels_network.c index 8cc0582..8caad4a 100644 --- a/src/parallels/parallels_network.c +++ b/src/parallels/parallels_network.c @@ -348,6 +348,7 @@ parallelsNetworkOpen(virConnectPtr conn, return VIR_DRV_OPEN_SUCCESS; error: virObjectUnref(privconn->networks); + privconn->networks = NULL; return VIR_DRV_OPEN_DECLINED; } -- 1.7.1
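Review bot: The commit message names parallelsNetworkClose as the function that fails, but the added line sits on the error: path of parallelsNetworkOpen, just before return VIR_DRV_OPEN_DECLINED. The message should say that parallelsNetworkOpen fails and that the later parallelsNetworkClose call is what unrefs privconn->networks a second time. "Dereferences" in the message should read "unreferences", since the call involved is virObjectUnref. The assignment itself is in the right place, directly after virObjectUnref(privconn->networks). Because the fix depends on the later unref seeing NULL, a one-line comment at the error: label noting that a later parallelsNetworkClose unrefs the same field would record why the pointer is cleared.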

On 19.03.2015 15:36, Maxim Nestratov wrote:
If, by any reason, parallelsNetworkClose fails it dereferences newly allocated privconn->networks via virObjectUnref, which in turn deallocates its memory. Subsequent call of parallelsNetworkClose calls virObjectUnref that leads to double memory free. To prevent this we should zero privconn->networks to make all subsequent virObjectUnref be safe.
Signed-off-by: Maxim Nestratov <mnestratov@parallels.com> --- src/parallels/parallels_network.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/parallels/parallels_network.c b/src/parallels/parallels_network.c index 8cc0582..8caad4a 100644 --- a/src/parallels/parallels_network.c +++ b/src/parallels/parallels_network.c @@ -348,6 +348,7 @@ parallelsNetworkOpen(virConnectPtr conn, return VIR_DRV_OPEN_SUCCESS; error: virObjectUnref(privconn->networks); + privconn->networks = NULL; return VIR_DRV_OPEN_DECLINED; }
This patch is to be ignored since I've pushed the other one:
https://www.redhat.com/archives/libvir-list/2015-March/msg01002.html
Michal

Right. I sent this by mistake and then asked to ignore it. Thank you.
Maxim
-----Original Message-----
From: Michal Privoznik [mailto:mprivozn@redhat.com]
Sent: Thursday, March 19, 2015 6:41 PM
To: Maxim Nestratov; libvir-list@redhat.com
Subject: Re: [libvirt] [PATCH] parallels: fix libvirt crash if parallelsNetworkClose fails
On 19.03.2015 15:36, Maxim Nestratov wrote:
If, by any reason, parallelsNetworkClose fails it dereferences newly allocated privconn->networks via virObjectUnref, which in turn deallocates its memory. Subsequent call of parallelsNetworkClose calls virObjectUnref that leads to double memory free. To prevent this we should zero privconn->networks to make all subsequent virObjectUnref be safe.
Signed-off-by: Maxim Nestratov <mnestratov@parallels.com> --- src/parallels/parallels_network.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/parallels/parallels_network.c b/src/parallels/parallels_network.c index 8cc0582..8caad4a 100644 --- a/src/parallels/parallels_network.c +++ b/src/parallels/parallels_network.c @@ -348,6 +348,7 @@ parallelsNetworkOpen(virConnectPtr conn, return VIR_DRV_OPEN_SUCCESS; error: virObjectUnref(privconn->networks); + privconn->networks = NULL; return VIR_DRV_OPEN_DECLINED; }
This patch is to be ignored since I've pushed the other one:
https://www.redhat.com/archives/libvir-list/2015-March/msg01002.html
Michal