9:36 a.m.
If, by any reason, parallelsNetworkClose fails it dereferences
newly allocated privconn->networks via virObjectUnref, which in
turn deallocates its memory.
Subsequent call of parallelsNetworkClose calls virObjectUnref
that leads to double memory free. To prevent this we should zero
privconn->networks to make all subsequent virObjectUnref be safe.
Signed-off-by: Maxim Nestratov <mnestratov(a)parallels.com>
---
src/parallels/parallels_network.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/parallels/parallels_network.c b/src/parallels/parallels_network.c
index 8cc0582..8caad4a 100644
--- a/src/parallels/parallels_network.c
+++ b/src/parallels/parallels_network.c
@@ -348,6 +348,7 @@ parallelsNetworkOpen(virConnectPtr conn,
return VIR_DRV_OPEN_SUCCESS;
error:
virObjectUnref(privconn->networks);
+ privconn->networks = NULL;
return VIR_DRV_OPEN_DECLINED;
}
--
1.7.1
10:41 a.m.
On 19.03.2015 15:36, Maxim Nestratov wrote:
If, by any reason, parallelsNetworkClose fails it dereferences
newly allocated privconn->networks via virObjectUnref, which in
turn deallocates its memory.
Subsequent call of parallelsNetworkClose calls virObjectUnref
that leads to double memory free. To prevent this we should zero
privconn->networks to make all subsequent virObjectUnref be safe.
Signed-off-by: Maxim Nestratov <mnestratov(a)parallels.com>
---
src/parallels/parallels_network.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/parallels/parallels_network.c b/src/parallels/parallels_network.c
index 8cc0582..8caad4a 100644
--- a/src/parallels/parallels_network.c
+++ b/src/parallels/parallels_network.c
@@ -348,6 +348,7 @@ parallelsNetworkOpen(virConnectPtr conn,
return VIR_DRV_OPEN_SUCCESS;
error:
virObjectUnref(privconn->networks);
+ privconn->networks = NULL;
return VIR_DRV_OPEN_DECLINED;
}
This patch is to be ignored since I've pushed the other one:
https://www.redhat.com/archives/libvir-list/2015-March/msg01002.html
Michal
10:45 a.m.
Right. I sent this by a mistake and then asked to ignore it.
Thank you.
Maxim
-----Original Message-----
From: Michal Privoznik [mailto:mprivozn@redhat.com]
Sent: Thursday, March 19, 2015 6:41 PM
To: Maxim Nestratov; libvir-list(a)redhat.com
Subject: Re: [libvirt] [PATCH] parallels: fix libvirt crash if parallelsNetworkClose
fails
On 19.03.2015 15:36, Maxim Nestratov wrote:
> If, by any reason, parallelsNetworkClose fails it dereferences
> newly allocated privconn->networks via virObjectUnref, which in
> turn deallocates its memory.
> Subsequent call of parallelsNetworkClose calls virObjectUnref
> that leads to double memory free. To prevent this we should zero
> privconn->networks to make all subsequent virObjectUnref be safe.
>
> Signed-off-by: Maxim Nestratov <mnestratov(a)parallels.com>
> ---
> src/parallels/parallels_network.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/src/parallels/parallels_network.c b/src/parallels/parallels_network.c
> index 8cc0582..8caad4a 100644
> --- a/src/parallels/parallels_network.c
> +++ b/src/parallels/parallels_network.c
> @@ -348,6 +348,7 @@ parallelsNetworkOpen(virConnectPtr conn,
> return VIR_DRV_OPEN_SUCCESS;
> error:
> virObjectUnref(privconn->networks);
> + privconn->networks = NULL;
> return VIR_DRV_OPEN_DECLINED;
> }
>
>
This patch is to be ignored since I've pushed the other one:
https://www.redhat.com/archives/libvir-list/2015-March/msg01002.html
Michal
3536
days inactive
3536
days old
2 comments
2 participants
participants (2)
-
Maxim Nestratov -
Michal Privoznik