On 12/02/2017 12:21 PM, Richard W.M. Jones wrote:
> On Sat, Dec 02, 2017 at 11:52:31AM -0600, Eric Blake wrote:
>> When converting from a single transaction to a linked list, I
>> forgot to free the storage for each member of the list.
>>
>> Reported-by: Richard W.M. Jones <rjo...@redhat.com>
>> Fixes: 7f5bb9bf13f041ea7702bda557d9dd668bc3423a
>> Signed-off-by: Eric Blake <ebl...@redhat.com>
>> ---
>>
>> I'm still not sure why 'make check' passes while 'make check-valgrind'
>> fails for TESTS=test-nbd, but this at least avoids the memory leak.
>>
>>     *fd = trans->u.fds[1];
>> +    free (trans);
>>     switch (be32toh (rep.error)) {
>>     case NBD_SUCCESS:
>>       if (trans->buf && read_full (h->fd, trans->buf, trans->count) < 0)
>
> Can this be right?  valgrind seems to be saying that there are
> double-free errors when I add this patch (see below).

Rather, use after free.  The patch avoids the leak, but didn't do it
quite correctly.  v2 coming up, and now I know why check-valgrind
failed.  Sometimes, it's hard to see the actual error message because
of everything else that is also in the log.

> ==18076== Thread 3:
> ==18076== Invalid read of size 8
> ==18076==    at 0x77EBB08: nbd_reply_raw (nbd.c:340)
> ==18076==    by 0x77EBB08: nbd_reader (nbd.c:373)
> ==18076==    by 0x55DC55A: start_thread (in /usr/lib64/libpthread-2.26.9000.so)
> ==18076==    by 0x58E85AE: clone (in /usr/lib64/libc-2.26.9000.so)
> ==18076==  Address 0x7452fc8 is 8 bytes inside a block of size 32 free'd
> ==18076==    at 0x4C2ED18: free (vg_replace_malloc.c:530)
> ==18076==    by 0x77EB996: nbd_reply_raw (nbd.c:337)
> ==18076==    by 0x77EB996: nbd_reader (nbd.c:373)
> ==18076==    by 0x55DC55A: start_thread (in /usr/lib64/libpthread-2.26.9000.so)
> ==18076==    by 0x58E85AE: clone (in /usr/lib64/libc-2.26.9000.so)
> ==18076==  Block was alloc'd at
> ==18076==    at 0x4C2FA1E: calloc (vg_replace_malloc.c:711)
> ==18076==    by 0x77EBBAF: nbd_request_full (nbd.c:264)
> ==18076==    by 0x77EBD98: nbd_pread (nbd.c:602)
> ==18076==    by 0x405986: handle_request (connections.c:884)
> ==18076==    by 0x405986: recv_request_send_reply (connections.c:1061)
> ==18076==    by 0x405AE7: connection_worker (connections.c:200)
> ==18076==    by 0x55DC55A: start_thread (in /usr/lib64/libpthread-2.26.9000.so)
> ==18076==    by 0x58E85AE: clone (in /usr/lib64/libc-2.26.9000.so)

But I also see you managed to get CFLAGS=-g propagated to the plugin in
this trace.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
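Review bot: the added `free (trans);` sits before the NBD_SUCCESS case still dereferences the node in `read_full (h->fd, trans->buf, trans->count)`, so the leak fix becomes a use after free; the quoted valgrind "Invalid read of size 8 ... inside a block of size 32 free'd" (free at nbd.c:337, read at nbd.c:340) is exactly that read. Hoist the fields you still need into locals immediately before the free (e.g. copy `trans->buf` and `trans->count` out, then `free (trans);`) and use the locals in the switch, or move the free to after the switch on every exit path so the node outlives its last use.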
signature.asc
Description: OpenPGP digital signature
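The hoist-then-free ordering that avoids the use after free discussed above, as an added example written for this page and not the plugin's own nbd.c: a hypothetical linked list of in-flight transactions with assumed field names (handle, buf, count), a stand-in for read_full that copies from a constructed wire payload, and a reply handler that copies the fields it still needs out of the node before freeing it and only then acts on the reply status.

```c
/* Added example (not nbdkit/libguestfs code). Field names handle, buf and
 * count, and the reply-status value 0 for success, are assumptions made
 * for illustration. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* One in-flight request; nodes live in a singly linked list. */
struct transaction {
    uint64_t handle;
    char *buf;     /* caller-owned destination buffer, or NULL */
    size_t count;  /* bytes expected in the reply payload */
    struct transaction *next;
};

/* Allocate a node and push it at the head of the list. */
struct transaction *
trans_add (struct transaction **head, uint64_t handle, char *buf, size_t count)
{
    struct transaction *t = calloc (1, sizeof *t);
    if (!t)
        return NULL;
    t->handle = handle;
    t->buf = buf;
    t->count = count;
    t->next = *head;
    *head = t;
    return t;
}

/* Unlink and return the node whose handle matches, or NULL. */
static struct transaction *
trans_take (struct transaction **head, uint64_t handle)
{
    for (struct transaction **pp = head; *pp; pp = &(*pp)->next) {
        if ((*pp)->handle == handle) {
            struct transaction *t = *pp;
            *pp = t->next;
            return t;
        }
    }
    return NULL;
}

/* Stand-in for read_full(): copy count bytes of a constructed wire payload
 * into buf. Returns 0 on success, -1 if the payload is too short. */
static int
fake_read_full (const char *wire, size_t wire_len, char *buf, size_t count)
{
    if (count > wire_len)
        return -1;
    memcpy (buf, wire, count);
    return 0;
}

/* Process one reply. The fields still needed are copied out of the node,
 * the node is freed, and from then on only the locals are touched. Freeing
 * first and reading trans->buf / trans->count afterwards is the use after
 * free valgrind flagged in the thread. Returns 0 on success, -1 on an
 * unknown handle, a non-zero reply status, or a short read. */
int
handle_reply (struct transaction **head, uint64_t handle, uint32_t error,
              const char *wire, size_t wire_len)
{
    struct transaction *trans = trans_take (head, handle);
    if (!trans)
        return -1;

    char *buf = trans->buf;       /* hoisted before free */
    size_t count = trans->count;  /* hoisted before free */
    free (trans);                 /* node gone; trans is dead from here */

    switch (error) {
    case 0: /* success: payload follows, read it into the caller's buffer */
        if (buf && fake_read_full (wire, wire_len, buf, count) < 0)
            return -1;
        return 0;
    default: /* error reply carries no payload */
        return -1;
    }
}
```

Running this under valgrind with the two hoisted lines moved below the switch reproduces an "Invalid read" at the `buf &&` test, which is a quick way to confirm that a tool-side check, not just code review, catches the ordering mistake.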
_______________________________________________ Libguestfs mailing list Libguestfs@redhat.com https://www.redhat.com/mailman/listinfo/libguestfs