Re: [libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags
On Thu, Aug 8, 2013 at 10:05 PM, Alex Jia a...@redhat.com wrote:

Martin, I pushed this now.

--
Regards,
Alex

Pushed to v1.1.1-maint

--
Doug Goldstein

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags
Valgrind defects memory error:

==16759== 1 errors in context 1 of 8:
==16759== Invalid free() / delete / delete[] / realloc()
==16759==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==16759==    by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
==16759==    by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
==16759==    by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
==16759==    by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
==16759==    by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
==16759==    by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
==16759==    by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
==16759==    by 0x13127A: cmdStart (virsh-domain.c:3376)
==16759==    by 0x12BF83: vshCommandRun (virsh.c:1751)
==16759==    by 0x126FFB: main (virsh.c:3205)
==16759== Address 0xe1394a0 is not stack'd, malloc'd or (recently) free'd

==16759== 1 errors in context 2 of 8:
==16759== Conditional jump or move depends on uninitialised value(s)
==16759==    at 0x4A07477: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==16759==    by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
==16759==    by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
==16759==    by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
==16759==    by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
==16759==    by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
==16759==    by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
==16759==    by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
==16759==    by 0x13127A: cmdStart (virsh-domain.c:3376)
==16759==    by 0x12BF83: vshCommandRun (virsh.c:1751)
==16759==    by 0x126FFB: main (virsh.c:3205)
==16759== Uninitialised value was created by a stack allocation
==16759==    at 0x4D7F120: remoteDomainCreateWithFlags (remote_driver.c:2423)

How to reproduce?
# virsh start domain --paused RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=994855 Signed-off-by: Alex Jia a...@redhat.com --- src/remote/remote_driver.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index f828eef..71d0034 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -2431,6 +2431,7 @@ remoteDomainCreateWithFlags(virDomainPtr dom, unsigned int flags) make_nonnull_domain(args.dom, dom); args.flags = flags; +memset(ret, 0, sizeof(ret)); if (call(dom-conn, priv, 0, REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS, (xdrproc_t)xdr_remote_domain_create_with_flags_args, (char *)args, (xdrproc_t)xdr_remote_domain_create_with_flags_ret, (char *)ret) == -1) { -- 1.7.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
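Review bot: the added `memset(ret, 0, sizeof(ret));` line sits directly before `call()`, but the commit message never says which path leaves `ret` unfilled so that the `xdr_free` at remote_driver.c:2441 ends up walking uninitialised stack contents; one sentence naming that path would show why zeroing here is sufficient and whether initialising at the declaration would be the cleaner place. As the hunk reads here, `memset(ret, 0, sizeof(ret))` and `(char *)ret` take `ret` by value: valgrind reports the value as a stack allocation, so both calls need the object's address (`&ret`), and if `ret` were a pointer then `sizeof(ret)` would clear only a pointer's worth of bytes. Please confirm the pushed commit uses `&ret` in both places.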
Re: [libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags
At Thu, 8 Aug 2013 16:48:46 +0800, Alex Jia wrote: ... # virsh start domain --paused RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=994855 Signed-off-by: Alex Jia a...@redhat.com --- src/remote/remote_driver.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index f828eef..71d0034 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -2431,6 +2431,7 @@ remoteDomainCreateWithFlags(virDomainPtr dom, unsigned int flags) make_nonnull_domain(args.dom, dom); args.flags = flags; +memset(ret, 0, sizeof(ret)); if (call(dom-conn, priv, 0, REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS, (xdrproc_t)xdr_remote_domain_create_with_flags_args, (char *)args, (xdrproc_t)xdr_remote_domain_create_with_flags_ret, (char *)ret) == -1) { -- 1.7.1 ACK. I've just been bitten by this as well. Your patch fixes it for me. Thanks. / Claudio -- AV-Test GmbH, Henricistraße 20, 04155 Leipzig, Germany Phone: +49 341 265 310 19 Web:http://www.av-test.org Eingetragen am / Registered at: Amtsgericht Stendal (HRB 114076) Geschaeftsfuehrer (CEO): Andreas Marx, Guido Habicht, Maik Morgenstern -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags
On 08/08/2013 10:48 AM, Alex Jia wrote:

Valgrind defects memory error:

==16759== 1 errors in context 1 of 8:
==16759== Invalid free() / delete / delete[] / realloc()
==16759==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==16759==    by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
==16759==    by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
==16759==    by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
==16759==    by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
==16759==    by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
==16759==    by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
==16759==    by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
==16759==    by 0x13127A: cmdStart (virsh-domain.c:3376)
==16759==    by 0x12BF83: vshCommandRun (virsh.c:1751)
==16759==    by 0x126FFB: main (virsh.c:3205)
==16759== Address 0xe1394a0 is not stack'd, malloc'd or (recently) free'd

==16759== 1 errors in context 2 of 8:
==16759== Conditional jump or move depends on uninitialised value(s)
==16759==    at 0x4A07477: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==16759==    by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
==16759==    by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
==16759==    by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
==16759==    by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
==16759==    by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
==16759==    by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
==16759==    by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
==16759==    by 0x13127A: cmdStart (virsh-domain.c:3376)
==16759==    by 0x12BF83: vshCommandRun (virsh.c:1751)
==16759==    by 0x126FFB: main (virsh.c:3205)
==16759== Uninitialised value was created by a stack allocation
==16759==    at 0x4D7F120: remoteDomainCreateWithFlags (remote_driver.c:2423)

How to reproduce?
# virsh start domain --paused RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=994855 Signed-off-by: Alex Jia a...@redhat.com --- src/remote/remote_driver.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index f828eef..71d0034 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -2431,6 +2431,7 @@ remoteDomainCreateWithFlags(virDomainPtr dom, unsigned int flags) make_nonnull_domain(args.dom, dom); args.flags = flags; +memset(ret, 0, sizeof(ret)); if (call(dom-conn, priv, 0, REMOTE_PROC_DOMAIN_CREATE_WITH_FLAGS, (xdrproc_t)xdr_remote_domain_create_with_flags_args, (char *)args, (xdrproc_t)xdr_remote_domain_create_with_flags_ret, (char *)ret) == -1) { ACK. I wonder whether we could de-duplicate this since all similar functions call this, but call() doesn't know the structure size :( Martin -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags
Hi Martin, I think if the call() can't do this then it's impossible to de-duplicate in all similar functions.

--
Regards,
Alex

- Original Message -
From: Martin Kletzander mklet...@redhat.com
To: Alex Jia a...@redhat.com
Cc: libvir-list@redhat.com
Sent: Thursday, August 8, 2013 8:09:57 PM
Subject: Re: [libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags
Re: [libvirt] [PATCH] remote: Fix a segfault in remoteDomainCreateWithFlags
Martin, I pushed this now.

--
Regards,
Alex