5 p.m.
If you ran virsh in interactive mode and ran a command
that virsh could not parse, it would then SEGV
on subsequent commands. The problem is that we are
freeing the vshCmd structure in the syntaxError label
at the end of vshCommandParse, but forgetting to
set ctl->cmd to NULL. This means that on the next command,
we would try to free the same structure again, leading
to badness. Make sure to set ctl->cmd to NULL after
freeing it.
Signed-off-by: Chris Lalancette <clalance(a)redhat.com>
---
tools/virsh.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/tools/virsh.c b/tools/virsh.c
index c6e3f2a..eeaddbc 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -8643,8 +8643,10 @@ vshCommandParse(vshControl *ctl, char *cmdstr)
return TRUE;
syntaxError:
- if (ctl->cmd)
+ if (ctl->cmd) {
vshCommandFree(ctl->cmd);
+ ctl->cmd = NULL;
+ }
if (first)
vshCommandOptFree(first);
VIR_FREE(tkdata);
--
1.6.6.1
11:06 p.m.
On 03/11/2010 06:00 PM, Chris Lalancette wrote:
If you ran virsh in interactive mode and ran a command
that virsh could not parse, it would then SEGV
on subsequent commands. The problem is that we are
freeing the vshCmd structure in the syntaxError label
at the end of vshCommandParse, but forgetting to
set ctl->cmd to NULL. This means that on the next command,
we would try to free the same structure again, leading
to badness. Make sure to set ctl->cmd to NULL after
freeing it.
Signed-off-by: Chris Lalancette<clalance(a)redhat.com>
---
tools/virsh.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/tools/virsh.c b/tools/virsh.c
index c6e3f2a..eeaddbc 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -8643,8 +8643,10 @@ vshCommandParse(vshControl *ctl, char *cmdstr)
return TRUE;
syntaxError:
- if (ctl->cmd)
+ if (ctl->cmd) {
vshCommandFree(ctl->cmd);
+ ctl->cmd = NULL;
+ }
if (first)
vshCommandOptFree(first);
VIR_FREE(tkdata);
ACK.
Tricky! This only reveals itself if you put multiple commands on a
single line (separated by ";"), the first command is valid, and one of
the subsequent commands on the line is bogus. (Yes, I verified presence
of the crash before applying, and absence afterwards).
5:02 a.m.
On Thu, Mar 11, 2010 at 06:00:54PM -0500, Chris Lalancette wrote:
If you ran virsh in interactive mode and ran a command
that virsh could not parse, it would then SEGV
on subsequent commands. The problem is that we are
freeing the vshCmd structure in the syntaxError label
at the end of vshCommandParse, but forgetting to
set ctl->cmd to NULL. This means that on the next command,
we would try to free the same structure again, leading
to badness. Make sure to set ctl->cmd to NULL after
freeing it.
Signed-off-by: Chris Lalancette <clalance(a)redhat.com>
---
tools/virsh.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/tools/virsh.c b/tools/virsh.c
index c6e3f2a..eeaddbc 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -8643,8 +8643,10 @@ vshCommandParse(vshControl *ctl, char *cmdstr)
return TRUE;
syntaxError:
- if (ctl->cmd)
+ if (ctl->cmd) {
vshCommandFree(ctl->cmd);
+ ctl->cmd = NULL;
+ }
if (first)
vshCommandOptFree(first);
VIR_FREE(tkdata);
ACK, serious one, pushed ! Thanks !
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
5369
days inactive
5370
days old
2 comments
3 participants
participants (3)
-
Chris Lalancette -
Daniel Veillard -
Laine Stump