External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-23 14:15:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix dereference of potentially freed pointer in qemudDomainSaveFlags

Browse Source 
The pointer to the xml describing the domain is saved into an object
prior to calling VIR_REALLOC_N() to make the size of the memory it
points to a multiple of QEMU_MONITOR_MIGRATE_TO_FILE_BS. If that
operation needs to allocate new memory, the pointer that was saved is
no longer valid.

To avoid this situation, adjust the size *before* saving the pointer.

(This showed up when experimenting with very large values of
QEMU_MONITOR_MIGRATE_TO_FILE_BS).
This commit is contained in:
Laine Stump 2010-06-03 23:25:58 -04:00
parent b1eb7f2e98
commit 1d45e1b622
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/qemu/qemu_driver.c
View File

@ -4959,12 +4959,6 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
is_reg = S_ISREG(sb.st_mode);
}
/* Setup hook data needed by virFileOperation hook function */
hdata.dom = dom;
hdata.path = path;
hdata.xml = xml;
hdata.header = &header;
offset = sizeof(header) + header.xml_len;
/* Due to way we append QEMU state on our header with dd,
@ -4985,6 +4979,12 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
header.xml_len += pad;
}
/* Setup hook data needed by virFileOperation hook function */
hdata.dom = dom;
hdata.path = path;
hdata.xml = xml;
hdata.header = &header;
/* Write header to file, followed by XML */
/* First try creating the file as root */