 Home |
Products |
Support |
Community |
News |
xen-changelog
[Xen-changelog] [xen-unstable] libxl: don't leak gc pointers to caller's
| To: | xen-changelog@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xen-changelog] [xen-unstable] libxl: don't leak gc pointers to caller's structs; prevent double free |
| From: | Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx> |
| Date: | Fri, 10 Sep 2010 14:40:41 -0700 |
| Delivery-date: | Fri, 10 Sep 2010 14:43:05 -0700 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-changelog-request@lists.xensource.com?subject=help> |
| List-id: | BK change log <xen-changelog.lists.xensource.com> |
| List-post: | <mailto:xen-changelog@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe> |
| Reply-to: | xen-devel@xxxxxxxxxxxxxxxxxxx |
| Sender: | xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx |
# HG changeset patch
# User Gianni Tedesco <gianni.tedesco@xxxxxxxxxx>
# Date 1284140940 -3600
# Node ID 8caf87c7a017d69ecb74fbb9aa506b02db938ea2
# Parent d57c33873eede42abedc6534150ac6f8cb6ca237
libxl: don't leak gc pointers to caller's structs; prevent double free
libxl_build_device_model uses a pointer in a caller supplied data
structure to synthesize a vif-name if one is not supplied. This is bad
juju because the caller may want to free this pointer but by the time it
get's a chance the gc has already done so. Switch to using a local
variable for this pointer and avoid a double-free in the domain create
path.
Gianni Tedesco <gianni.tedesco@xxxxxxxxxx>
Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
---
tools/libxl/libxl.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diff -r d57c33873eed -r 8caf87c7a017 tools/libxl/libxl.c
--- a/tools/libxl/libxl.c Fri Sep 10 18:47:53 2010 +0100
+++ b/tools/libxl/libxl.c Fri Sep 10 18:49:00 2010 +0100
@@ -1190,14 +1190,17 @@ static char ** libxl_build_device_model_
char *smac = libxl__sprintf(gc,
"%02x:%02x:%02x:%02x:%02x:%02x",
vifs[i].mac[0], vifs[i].mac[1],
vifs[i].mac[2],
vifs[i].mac[3], vifs[i].mac[4],
vifs[i].mac[5]);
+ char *ifname;
if (!vifs[i].ifname)
- vifs[i].ifname = libxl__sprintf(gc, "tap%d.%d",
info->domid, vifs[i].devid);
+ ifname = libxl__sprintf(gc, "tap%d.%d", info->domid,
vifs[i].devid);
+ else
+ ifname = vifs[i].ifname;
flexarray_set(dm_args, num++, "-net");
flexarray_set(dm_args, num++, libxl__sprintf(gc,
"nic,vlan=%d,macaddr=%s,model=%s",
vifs[i].devid, smac, vifs[i].model));
flexarray_set(dm_args, num++, "-net");
flexarray_set(dm_args, num++, libxl__sprintf(gc,
"tap,vlan=%d,ifname=%s,bridge=%s,script=no",
- vifs[i].devid, vifs[i].ifname, vifs[i].bridge));
+ vifs[i].devid, ifname, vifs[i].bridge));
ioemu_vifs++;
}
}
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [Xen-changelog] [xen-unstable] xl: use xlu_cfg_replace_string in a few more places., Xen patchbot-unstable |
|---|---|
| Next by Date: | [Xen-changelog] [xen-unstable] xl: don't leak a lot of memory in forked process in domain_create, Xen patchbot-unstable |
| Previous by Thread: | [Xen-changelog] [xen-unstable] xl: use xlu_cfg_replace_string in a few more places., Xen patchbot-unstable |
| Next by Thread: | [Xen-changelog] [xen-unstable] xl: don't leak a lot of memory in forked process in domain_create, Xen patchbot-unstable |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
