virConnectOpenInternal: Avoid double free() when alias is an invalid URI

Configuring an URI alias such as

  uri_aliases = [
      "blah=qemu://invaliduri@@@",
  ]

Results in a double free when the alias is used:

  $ virsh -c blah
  free(): double free detected in tcache 2
  Aborted (core dumped)

This happens as the 'alias' variable is first assigned to 'uristr' which
is cleared in the 'failed' label and then is explicitly freed again.

Fix this by stealing the alias into 'uristr' and removing the
unnecessary freeing.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa 2022-09-08 16:31:58 +02:00
parent d3397885d5
commit 48e1b49353

@ -940,14 +940,12 @@ virConnectOpenInternal(const char *name,
goto failed;
if (alias) {
VIR_FREE(uristr);
uristr = alias;
g_free(uristr);
uristr = g_steal_pointer(&alias);
}
if (!(ret->uri = virURIParse(uristr))) {
VIR_FREE(alias);
if (!(ret->uri = virURIParse(uristr)))
goto failed;
}
/* Avoid need for drivers to worry about NULLs, as
* no one needs to distinguish "" vs NULL */
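
Review bot: in the `if (alias)` block, stealing the pointer into uristr only avoids the double free if every later exit path frees uristr exactly once and nothing frees alias again. The hunk drops VIR_FREE(alias) from the virURIParse() failure branch, but the 'failed' label is outside the visible lines, so please confirm that it still releases uristr (the commit message says it does) and that nothing further down relies on alias, which is NULL after g_steal_pointer(&alias). If uristr is not already declared g_autofree, doing so would make the ownership explicit and cover the 'failed' path without a manual free. A regression test that opens a connection through the invalid alias from the commit message (blah=qemu://invaliduri@@@) would keep this from coming back.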