[libvirt] [PATCH] leaseshelper: fix another creash

We create a 'lease_new' when we are adding new lease entry, then later in the code we add the 'lease_new' into a 'leases_array_new' which leades into the creash because we double free the 'lease_new'. To prevent the double free we set the 'lease_new' to NULL after successful append into the 'leases_array_new'. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/network/leaseshelper.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/network/leaseshelper.c b/src/network/leaseshelper.c index 69081c3..bf1842b 100644 --- a/src/network/leaseshelper.c +++ b/src/network/leaseshelper.c @@ -331,6 +331,7 @@ main(int argc, char **argv) _("failed to create json")); goto cleanup; } + lease_new = NULL; } if (!(leases_str = virJSONValueToString(leases_array_new, true))) { -- 1.8.5.5
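Review bot: the added `lease_new = NULL;` after the append's error branch carries no comment saying that leases_array_new owns the value from that point on. A one-line comment above the assignment stating the ownership transfer would help. It would stop a later cleanup from dropping the line as a dead store, or from moving it ahead of the `goto cleanup` branch, where the failed append still leaves lease_new for the cleanup path to free.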

On 16.6.2014 14:30, Pavel Hrdina wrote:
We create a 'lease_new' when we are adding new lease entry, then later in the code we add the 'lease_new' into a 'leases_array_new' which leades into the creash because we double free the 'lease_new'.
To prevent the double free we set the 'lease_new' to NULL after successful append into the 'leases_array_new'.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> ---
s/creash/crash/ :)

s/creash/crash/ in subject
On 06/16/14 14:30, Pavel Hrdina wrote:
We create a 'lease_new' when we are adding new lease entry, then later in the code we add the 'lease_new' into a 'leases_array_new' which leades into the creash because we double free the 'lease_new'.
s/leades/leads/ s/creash/crash/
To prevent the double free we set the 'lease_new' to NULL after successful append into the 'leases_array_new'.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/network/leaseshelper.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/src/network/leaseshelper.c b/src/network/leaseshelper.c index 69081c3..bf1842b 100644 --- a/src/network/leaseshelper.c +++ b/src/network/leaseshelper.c @@ -331,6 +331,7 @@ main(int argc, char **argv) _("failed to create json")); goto cleanup; } + lease_new = NULL; }
if (!(leases_str = virJSONValueToString(leases_array_new, true))) {
ACK to this change (with the subject fixed), although there's yet another problem in the leasehelper. I'll post a patch later today.
Peter

On 16.6.2014 14:39, Peter Krempa wrote:
s/creash/crash/ in subject
On 06/16/14 14:30, Pavel Hrdina wrote:
We create a 'lease_new' when we are adding new lease entry, then later in the code we add the 'lease_new' into a 'leases_array_new' which leades into the creash because we double free the 'lease_new'.
s/leades/leads/ s/creash/crash/
To prevent the double free we set the 'lease_new' to NULL after successful append into the 'leases_array_new'.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- src/network/leaseshelper.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/src/network/leaseshelper.c b/src/network/leaseshelper.c index 69081c3..bf1842b 100644 --- a/src/network/leaseshelper.c +++ b/src/network/leaseshelper.c @@ -331,6 +331,7 @@ main(int argc, char **argv) _("failed to create json")); goto cleanup; } + lease_new = NULL; }
if (!(leases_str = virJSONValueToString(leases_array_new, true))) {
ACK to this change (with the subject fixed), although there's yet another problem in the leasehelper. I'll post a patch later today.
Peter
Thanks, pushed
Pavel
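
The ownership hand-off that the commit message describes, as an added example that is not part of the thread or of libvirt's code. `struct val`, `struct arr` and the helper functions are hypothetical stand-ins for the JSON value and array, and values come from a static pool so that the second release can be counted instead of corrupting the heap.

```c
#include <stddef.h>
/* Hypothetical stand-ins, not libvirt's types. Values live in a static pool
 * so a second release is counted instead of corrupting the heap. */
struct val { int frees; };
struct arr { struct val *items[4]; size_t n; };
static struct val pool[4];
static size_t pool_used;

static struct val *val_new(void) {
    if (pool_used == sizeof(pool) / sizeof(pool[0]))
        return NULL;
    pool[pool_used].frees = 0;
    return &pool[pool_used++];
}

static void val_free(struct val *v) {
    if (v) v->frees++;   /* NULL-safe; a real allocator would free here */
}

/* On success the array owns v; on failure the caller still owns it. */
static int arr_append(struct arr *a, struct val *v) {
    if (a->n == sizeof(a->items) / sizeof(a->items[0]))
        return -1;
    a->items[a->n++] = v;
    return 0;
}

static void arr_free(struct arr *a) {
    for (size_t i = 0; i < a->n; i++)
        val_free(a->items[i]);
    a->n = 0;
}

/* Returns how often the new lease was released: 2 means double free. */
int add_lease(int clear_after_append) {
    struct arr leases_array_new = { {0}, 0 };
    struct val *lease_new = val_new();
    struct val *tracked = lease_new;   /* kept only to read the counter */
    if (!lease_new || arr_append(&leases_array_new, lease_new) < 0)
        goto cleanup;
    if (clear_after_append)
        lease_new = NULL;              /* ownership moved to the array */
 cleanup:
    val_free(lease_new);
    arr_free(&leases_array_new);
    return tracked ? tracked->frees : -1;
}

int main(void) { return !(add_lease(0) == 2 && add_lease(1) == 1); }
```

Passing 0 reproduces the unpatched flow, where both the cleanup path and the array release the same value. Passing 1 follows the patched flow, where only the array does.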