Gianni Tedesco
2010-Sep-10 14:17 UTC
[Xen-devel] [PATCH]: libxl: don't 'leak' gc pointers to caller's structs thereby preventing a double free
libxl_build_device_model uses a pointer in a caller supplied data structure to synthesize a vif-name if one is not supplied. This is bad juju because the caller may want to free this pointer but by the time it gets a chance the gc has already done so. Switch to using a local variable for this pointer and avoid a double-free in the domain create path.

Gianni Tedesco <gianni.tedesco@citrix.com>

diff -r ef2d0a9b2036 tools/libxl/libxl.c --- a/tools/libxl/libxl.c Fri Sep 10 14:59:29 2010 +0100 +++ b/tools/libxl/libxl.c Fri Sep 10 15:16:41 2010 +0100 @@ -1190,14 +1190,17 @@ static char ** libxl_build_device_model_ char *smac = libxl__sprintf(gc, "%02x:%02x:%02x:%02x:%02x:%02x", vifs[i].mac[0], vifs[i].mac[1], vifs[i].mac[2], vifs[i].mac[3], vifs[i].mac[4], vifs[i].mac[5]); + char *ifname; if (!vifs[i].ifname) - vifs[i].ifname = libxl__sprintf(gc, "tap%d.%d", info->domid, vifs[i].devid); + ifname = libxl__sprintf(gc, "tap%d.%d", info->domid, vifs[i].devid); + else + ifname = vifs[i].ifname; flexarray_set(dm_args, num++, "-net"); flexarray_set(dm_args, num++, libxl__sprintf(gc, "nic,vlan=%d,macaddr=%s,model=%s", vifs[i].devid, smac, vifs[i].model)); flexarray_set(dm_args, num++, "-net"); flexarray_set(dm_args, num++, libxl__sprintf(gc, "tap,vlan=%d,ifname=%s,bridge=%s,script=no", - vifs[i].devid, vifs[i].ifname, vifs[i].bridge)); + vifs[i].devid, ifname, vifs[i].bridge)); ioemu_vifs++; } }
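
Review bot: callers that previously read the synthesized name back from vifs[i].ifname will now see NULL, because the `if (!vifs[i].ifname)` branch stores the "tap%d.%d" string only in the local ifname. Please confirm that nothing later in the domain create path relies on that side effect, and state the behaviour change in the commit message. Since the local only feeds the "tap,vlan=%d,ifname=%s,..." format, it could be declared `const char *ifname`, and if the rest of the function permits, taking vifs as a pointer to const would make the compiler reject any future store of a gc-owned pointer into the caller's struct.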