lxc: avoid use-after-free

I got this weird failure:

error: Failed to start domain simple
error: internal error cannot mix caller fds with blocking execution

and tracked it down to a use-after-free - virCommandSetOutputFD
was storing the address of a stack-local variable, which then
went out of scope before the virCommandRun that dereferenced it.

Bug introduced in commit 451cfd05 (0.9.2).

* src/lxc/lxc_driver.c (lxcBuildControllerCmd): Move log fd
registration...
(lxcVmStart): ...to caller.

diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index d6e5e2045332d343adc3455d18fe576e76be16b8..37092bc9767bedd6bd604cfd4fe65ef2dfcac494 100644 (file)
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1449,7 +1449,6 @@ lxcBuildControllerCmd(lxc_driver_t *driver,
                       char **veths,
                       int *ttyFDs,
                       size_t nttyFDs,
-                      int logfile,
                       int handshakefd)
 {
     size_t i;
@@ -1524,8 +1523,6 @@ lxcBuildControllerCmd(lxc_driver_t *driver,
     }
 
     virCommandPreserveFD(cmd, handshakefd);
-    virCommandSetOutputFD(cmd, &logfile);
-    virCommandSetErrorFD(cmd, &logfile);
 
     return cmd;
 cleanup:
@@ -1747,8 +1744,10 @@ static int lxcVmStart(virConnectPtr conn,
                                       vm,
                                       nveths, veths,
                                       ttyFDs, nttyFDs,
-                                      logfd, handshakefds[1])))
+                                      handshakefds[1])))
         goto cleanup;
+    virCommandSetOutputFD(cmd, &logfd);
+    virCommandSetErrorFD(cmd, &logfd);
 
     /* Log timestamp */
     if ((timestamp = virTimestamp()) == NULL) {