From: Laine Stump Date: Tue, 9 Apr 2013 18:06:51 +0000 (-0400) Subject: Fix crash in virNetDevGetVirtualFunctions X-Git-Tag: v1.0.5-rc1~185 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9579b6bc209b46a0f079b21455b598c817925b48;p=thirdparty%2Flibvirt.git Fix crash in virNetDevGetVirtualFunctions Commit 9a3ff01d7f16cc280ce3176620c0714f55511a65 (which was ACKed at the end of January, but for some reason didn't get pushed until during the 1.0.4 freeze) fixed the logic in virPCIGetVirtualFunctions(). Unfortunately, a typo in the fix (replacing VIR_REALLOC_N with VIR_ALLOC_N during code movement) caused not only a memory leak, but also resulted in most of the elements of the result array being replaced with NULL. virNetDevGetVirtualFunctions() assumed (and I think rightly so) that virPCIGetVirtualFunctions() wouldn't return any NULL elements in the array, so it ended up segfaulting. This was found when attempting to use a virtual network with an auto-created pool of SRIOV VFs, e.g.: (the pool of PCI addresses is discovered by calling virNetDevGetVirtualFunctions() on the PF dev). --- diff --git a/src/util/virpci.c b/src/util/virpci.c index a0da1cd005..85cd6948d7 100644 --- a/src/util/virpci.c +++ b/src/util/virpci.c @@ -2026,8 +2026,8 @@ virPCIGetVirtualFunctions(const char *sysfs_path, continue; } - if (VIR_ALLOC_N(*virtual_functions, - *num_virtual_functions + 1) < 0) { + if (VIR_REALLOC_N(*virtual_functions, + *num_virtual_functions + 1) < 0) { virReportOOMError(); VIR_FREE(config_addr); goto error;
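Review bot: the restored VIR_REALLOC_N call in the loop of virPCIGetVirtualFunctions() is only safe if *virtual_functions is NULL and *num_virtual_functions is 0 before the first iteration, and that initialisation is not visible in this hunk. Both are caller-supplied out-parameters, so please confirm they are reset at the top of the function instead of trusting the caller. The regression came from a one-token difference between two allocation macros, and the commit message says virNetDevGetVirtualFunctions() depends on the array having no NULL elements. A short comment on the function stating that guarantee would make the contract explicit. It is also worth checking that the `goto error` path after a failed reallocation frees the entries already stored and zeroes the count, so a caller never sees a partially built array.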