conf: avoid libvirt crash with empty address guestfwd channel

The 'def->target.addr' hasn't been initialized in virDomainChrDefNew() and
its value is always '0xffffffff', in addition, the following test scenario
hasn't also include 'address' element in channel XML block, so the branch
'if (addrStr == NULL)' is hit in virDomainChrDefParseTargetXML(), the
programming jumps to 'error' label to release relevant resources, and the
statement 'if (VIR_ALLOC(def->target.addr) < 0)' hasn't been executed then
the virDomainChrDefFree() will free 'def->target.addr'(0xffffffff) via
VIR_FREE(), which results in libvirt crash, to use valgrind can also
find a 'Invalid free() / delete / delete[]' error. This patch just adjusts
codes order to initialize 'def->target.addr' firstly.

With this patch, libvirt hasn't crash and can get a expected error message "
XML error: guestfwd channel does not define a target address".

How to reproduce?

1. define a guest with the following channel XML configuration

$ cat foo.xml
<snip>
    <channel type='pty'>
      <target type='guestfwd'/>
    </channel>
</snip>

$ virsh define foo.xml

2. actual result

error: Failed to define domain from /tmp/foo.xml
error: End of file while reading data: Input/output error
error: Failed to reconnect to the hypervisor

GDB debugger information:
<snip>
Breakpoint 1, virDomainChrDefFree (def=0x7f8ab000ec70) at conf/domain_conf.c:1264
...ignore
1264    {
(gdb) p def->target
$2 = {port = -1, addr = 0xffffffff, name = 0xffffffff <Address 0xffffffff out of bounds>}
</snip>

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=856489

Signed-off-by: Alex Jia <ajia@redhat.com>
This commit is contained in:
Alex Jia 2012-09-13 23:36:17 +08:00
parent a62116de32
commit 9ed534f081

View File

@ -5231,6 +5231,11 @@ virDomainChrDefParseTargetXML(virCapsPtr caps,
addrStr = virXMLPropString(cur, "address");
portStr = virXMLPropString(cur, "port");
if (VIR_ALLOC(def->target.addr) < 0) {
virReportOOMError();
goto error;
}
if (addrStr == NULL) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("guestfwd channel does not "
@ -5238,11 +5243,6 @@ virDomainChrDefParseTargetXML(virCapsPtr caps,
goto error;
}
if (VIR_ALLOC(def->target.addr) < 0) {
virReportOOMError();
goto error;
}
if (virSocketAddrParse(def->target.addr, addrStr, AF_UNSPEC) < 0)
goto error;