mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-30 01:43:23 +00:00
conf: avoid libvirt crash with empty address guestfwd channel
The 'def->target.addr' hasn't been initialized in virDomainChrDefNew() and its value is always '0xffffffff', in addition, the following test scenario hasn't also include 'address' element in channel XML block, so the branch 'if (addrStr == NULL)' is hit in virDomainChrDefParseTargetXML(), the programming jumps to 'error' label to release relevant resources, and the statement 'if (VIR_ALLOC(def->target.addr) < 0)' hasn't been executed then the virDomainChrDefFree() will free 'def->target.addr'(0xffffffff) via VIR_FREE(), which results in libvirt crash, to use valgrind can also find a 'Invalid free() / delete / delete[]' error. This patch just adjusts codes order to initialize 'def->target.addr' firstly. With this patch, libvirt hasn't crash and can get a expected error message " XML error: guestfwd channel does not define a target address". How to reproduce? 1. define a guest with the following channel XML configuration $ cat foo.xml <snip> <channel type='pty'> <target type='guestfwd'/> </channel> </snip> $ virsh define foo.xml 2. actual result error: Failed to define domain from /tmp/foo.xml error: End of file while reading data: Input/output error error: Failed to reconnect to the hypervisor GDB debugger information: <snip> Breakpoint 1, virDomainChrDefFree (def=0x7f8ab000ec70) at conf/domain_conf.c:1264 ...ignore 1264 { (gdb) p def->target $2 = {port = -1, addr = 0xffffffff, name = 0xffffffff <Address 0xffffffff out of bounds>} </snip> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=856489 Signed-off-by: Alex Jia <ajia@redhat.com>
This commit is contained in:
parent
a62116de32
commit
9ed534f081
@ -5231,6 +5231,11 @@ virDomainChrDefParseTargetXML(virCapsPtr caps,
|
||||
addrStr = virXMLPropString(cur, "address");
|
||||
portStr = virXMLPropString(cur, "port");
|
||||
|
||||
if (VIR_ALLOC(def->target.addr) < 0) {
|
||||
virReportOOMError();
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (addrStr == NULL) {
|
||||
virReportError(VIR_ERR_XML_ERROR, "%s",
|
||||
_("guestfwd channel does not "
|
||||
@ -5238,11 +5243,6 @@ virDomainChrDefParseTargetXML(virCapsPtr caps,
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (VIR_ALLOC(def->target.addr) < 0) {
|
||||
virReportOOMError();
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (virSocketAddrParse(def->target.addr, addrStr, AF_UNSPEC) < 0)
|
||||
goto error;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user