thr3ads.net - Libguestfs - [Libguestfs] [p2v PATCH 4/4] ssh.c: fix crash in "v2v

If this information is useful, please help other people find it:
Share via:

Laszlo Ersek

2022-Sep-11 14:25 UTC

[Libguestfs] [p2v PATCH 4/4] ssh.c: fix crash in "v2v_version" lifecycle management

We only ever set "v2v_version" to non-NULL with
pcre2_substring_get_bynumber(), as suggested by valgrind and then verified
by code review.

Substrings extracted with this function cannot be released with free(); we
must call pcre2_substring_free().

http://www.pcre.org/current/doc/html/pcre2_substring_get_bynumber.html
http://www.pcre.org/current/doc/html/pcre2_substring_free.html

The symptom of this bug is that the second click on the "Test
Connection"
causes free() to print:
> free(): invalid pointer
and then to call abort().

Signed-off-by: Laszlo Ersek <lersek at redhat.com>
---
 ssh.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssh.c b/ssh.c
index 059f0e224cba..566121b172c5 100644
--- a/ssh.c
+++ b/ssh.c
@@ -765,7 +765,7 @@ test_connection (struct config *config)
   /* Clear any previous version information since we may be connecting
    * to a different server.
    */
-  free (v2v_version);
+  pcre2_substring_free ((PCRE2_UCHAR *)v2v_version);
   v2v_version = NULL;
 
   /* Send 'virt-v2v --version' command and hope we get back a version
string.
@@ -788,7 +788,7 @@ test_connection (struct config *config)
                            { 0 }
                          }, match_data)) {
     case 100:                   /* Got version string. */
-      free (v2v_version);
+      pcre2_substring_free ((PCRE2_UCHAR *)v2v_version);
       pcre2_substring_get_bynumber (match_data, 1,
                                     (PCRE2_UCHAR **) &v2v_version,
&verlen);
 #if DEBUG_STDERR

Richard W.M. Jones

2022-Sep-23 09:20 UTC

head link

[Libguestfs] [p2v PATCH 4/4] ssh.c: fix crash in "v2v_version" lifecycle management

ACK series...

Although if I was going to quibble, GNU code tends to use *_p to
indicate a predicate (following the LISP convention [1]), whereas I
think your meaning is "private to function", so maybe that's
confusing
to some.

Rich.

[1]
https://stackoverflow.com/questions/70545047/what-does-suffix-p-mean-in-common-lisp-functions

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top

Libguestfs - Sep 2022 - [p2v PATCH 4/4] ssh.c: fix crash in "v2v_version" lifecycle management

[Libguestfs] [p2v PATCH 4/4] ssh.c: fix crash in "v2v_version" lifecycle management

[Libguestfs] [p2v PATCH 4/4] ssh.c: fix crash in "v2v_version" lifecycle management