thr3ads.net - Xen devel - [PATCH V2] libxl: avoid double free of b

If this information is useful, please help other people find it:
Share via:

Ian Campbell

2012-May-18 10:11 UTC

[PATCH V2] libxl: avoid double free of b_info->u.pv.bootloader

# HG changeset patch
# User Ian Campbell <ian.campbell@citrix.com>
# Date 1337335831 -3600
# Node ID 894f39993bdc96aaaf2ad0115af2f5e83d9cc1b1
# Parent  0e1d32df5b8d8bdbf88b6cd4a6b18fc008258373
libxl: avoid double free of b_info->u.pv.bootloader.

b_info is a user provided struct and therefore the content must come from
malloc and not gc such that libxl_domain_build_info_dispose can free it. This
was broken by 25340:373f24c87dee.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
---
v2: use libxl__strdup(NULL, ...) to get the expected error handling.

diff -r 0e1d32df5b8d -r 894f39993bdc tools/libxl/libxl_bootloader.c
--- a/tools/libxl/libxl_bootloader.c	Fri May 18 11:09:48 2012 +0100
+++ b/tools/libxl/libxl_bootloader.c	Fri May 18 11:10:31 2012 +0100
@@ -356,8 +356,10 @@ void libxl__bootloader_run(libxl__egc *e
         if ( lstat(bootloader, &st) )
             LOG(DEBUG, "%s doesn''t exist, falling back to config
path",
                 bootloader);
-        else
-            info->u.pv.bootloader = bootloader;
+        else {
+            free(info->u.pv.bootloader);
+            info->u.pv.bootloader = libxl__strdup(NULL, bootloader);
+        }
     }
 
     make_bootloader_args(gc, bl);

Ian Campbell

2012-May-18 12:43 UTC

head link

Re: [PATCH V2] libxl: avoid double free of b_info->u.pv.bootloader

On Fri, 2012-05-18 at 11:11 +0100, Ian Campbell wrote:> # HG changeset patch
> # User Ian Campbell <ian.campbell@citrix.com>
> # Date 1337335831 -3600
> # Node ID 894f39993bdc96aaaf2ad0115af2f5e83d9cc1b1
> # Parent  0e1d32df5b8d8bdbf88b6cd4a6b18fc008258373
> libxl: avoid double free of b_info->u.pv.bootloader.
> 
> b_info is a user provided struct and therefore the content must come from
> malloc and not gc such that libxl_domain_build_info_dispose can free it.
This
> was broken by 25340:373f24c87dee.
> 
> Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Ian Jackson acked this out of band and I have therefore applied it.
> ---
> v2: use libxl__strdup(NULL, ...) to get the expected error handling.
> 
> diff -r 0e1d32df5b8d -r 894f39993bdc tools/libxl/libxl_bootloader.c
> --- a/tools/libxl/libxl_bootloader.c	Fri May 18 11:09:48 2012 +0100
> +++ b/tools/libxl/libxl_bootloader.c	Fri May 18 11:10:31 2012 +0100
> @@ -356,8 +356,10 @@ void libxl__bootloader_run(libxl__egc *e
>          if ( lstat(bootloader, &st) )
>              LOG(DEBUG, "%s doesn''t exist, falling back to
config path",
>                  bootloader);
> -        else
> -            info->u.pv.bootloader = bootloader;
> +        else {
> +            free(info->u.pv.bootloader);
> +            info->u.pv.bootloader = libxl__strdup(NULL, bootloader);
> +        }
>      }
>  
>      make_bootloader_args(gc, bl);
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel

Xen devel - May 2012 - [PATCH V2] libxl: avoid double free of b_info->u.pv.bootloader

[PATCH V2] libxl: avoid double free of b_info->u.pv.bootloader

Re: [PATCH V2] libxl: avoid double free of b_info->u.pv.bootloader