mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-15 17:15:18 +00:00
498d7b2bf5
So, in the example the cpu stats are collected within a function called do_top. At the beginning of the function we ask the daemon for how much vCPUs can we get stats, and how many stats for a vCPU can we get. This is because it's how our API works - users are required to preallocate a chunk of memory for the results. Now, at the end, we try to free the allocated array, but we are not doing it correctly. There's this virTypedParamsFree() function which gets a pointer to the array and the length of the array. However, if there was an error in getting vCPU stats we pass a negative number instead of the originally computed value. This flaw results in SIGSEGV: libvirt: QEMU Driver error : Requested operation is not valid: domain is not running ERROR do_top:333 : Unable to get cpu stats ==29201== Invalid read of size 4 ==29201== at 0x4F1DF8B: virTypedParamsClear (virtypedparam.c:1145) ==29201== by 0x4F1DFEB: virTypedParamsFree (virtypedparam.c:1165) ==29201== by 0x4023C3: do_top (domtop.c:349) ==29201== by 0x40260B: main (domtop.c:386) ==29201== Address 0x131cd7c0 is 16 bytes after a block of size 768 alloc'd ==29201== at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==29201== by 0x401FF1: do_top (domtop.c:295) ==29201== by 0x40260B: main (domtop.c:386) Signed-off-by: Michal Privoznik <mprivozn@redhat.com>