[libvirt] [PATCH] remote_driver.c: fix a NULL dereference in remoteDomainEventQueueFlush().

Hi, all.

There is a case of a NULL dereference in function remoteDomainEventQueueFlush() in remote_driver.c. In the case of a local connection, conn->privateData->domainEvents isn't reserved. In this case a segmentation fault will occur (for example, examples/domain-events/events-c/event-test.c). I think the following patch will be available.

Thanks.

--- src/remote/remote_driver.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index d6f5fce..b112fd3 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -8709,7 +8709,7 @@ void remoteDomainEventQueueFlush(int timer ATTRIBUTE_UNUSED, void *opaque) { virConnectPtr conn = opaque; - struct private_data *priv = conn->privateData; + struct private_data *priv = conn->networkPrivateData; virDomainEventQueue tempQueue; remoteDriverLock(priv); -- 1.5.6.1

-- kakuma <f-kak@ksh.biglobe.ne.jp>
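Review bot: in remoteDomainEventQueueFlush(), the new priv = conn->networkPrivateData is still passed straight to remoteDriverLock(priv) with no NULL check, so if that field can be unset for any connection that reaches this timer callback, the dereference only moves. Either guard priv before locking or state in the commit message why networkPrivateData is always set when this callback fires. The message also describes conn->privateData->domainEvents as not being reserved for a local connection, while the change swaps which private pointer is read; please explain why the opaque connection handed to this callback should resolve to networkPrivateData rather than privateData, since that reasoning is what distinguishes a fix from hiding the crash.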

2010/1/12 kakuma <f-kak@ksh.biglobe.ne.jp>:
Hi, all.
There is a case of a NULL dereference in function remoteDomainEventQueueFlush() in remote_driver.c. In the case of a local connection, conn->privateData->domainEvents isn't reserved. In this case a segmentation fault will occur (for example, examples/domain-events/events-c/event-test.c). I think the following patch will be available.
Thanks.
--- src/remote/remote_driver.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index d6f5fce..b112fd3 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -8709,7 +8709,7 @@ void remoteDomainEventQueueFlush(int timer ATTRIBUTE_UNUSED, void *opaque) { virConnectPtr conn = opaque; - struct private_data *priv = conn->privateData; + struct private_data *priv = conn->networkPrivateData; virDomainEventQueue tempQueue;
remoteDriverLock(priv); -- 1.5.6.1
-- kakuma <f-kak@ksh.biglobe.ne.jp>
NACK.

Actually this is a workaround for the segfault. I prefer a proper fix.

I haven't understood yet how the event-test causes a segfault here, but the event-test code itself is broken for multiple added event handles. In contrast the Python event-test handles multiple added event handles properly and doesn't trigger this segfault.

Matthias

On Tue, 12 Jan 2010 02:39:58 +0100 Matthias Bolte <matthias.bolte@googlemail.com> wrote:
2010/1/12 kakuma <f-kak@ksh.biglobe.ne.jp>:
Hi, all.
There is a case of a NULL dereference in function remoteDomainEventQueueFlush() in remote_driver.c. In the case of a local connection, conn->privateData->domainEvents isn't reserved. In this case a segmentation fault will occur (for example, examples/domain-events/events-c/event-test.c). I think the following patch will be available.
Thanks.
--- ?src/remote/remote_driver.c | ? ?2 +- ?1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index d6f5fce..b112fd3 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -8709,7 +8709,7 @@ void ?remoteDomainEventQueueFlush(int timer ATTRIBUTE_UNUSED, void *opaque) ?{ ? ? virConnectPtr conn = opaque; - ? ?struct private_data *priv = conn->privateData; + ? ?struct private_data *priv = conn->networkPrivateData; ? ? virDomainEventQueue tempQueue;
? ? remoteDriverLock(priv); -- 1.5.6.1
-- kakuma <f-kak@ksh.biglobe.ne.jp>
NACK.
Actually this is a workaround for the segfault. I prefer a proper fix.
I haven't understood yet how the event-test causes a segfault here, but the event-test code itself is broken for multiple added event handles. In contrast the Python event-test handles multiple added event handles properly and doesn't trigger this segfault.
Matthias

Thank you for your reply. OK. I will expect your fix.

Thanks.

-- kakuma <f-kak@ksh.biglobe.ne.jp>

participants (2)
- kakuma
- Matthias Bolte