git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Jim Fehlig <jfehlig@suse.com>
	Fri, 10 Oct 2014 21:39:46 +0000 (15:39 -0600)
committer	Jim Fehlig <jfehlig@suse.com>
	Thu, 30 Oct 2014 16:23:18 +0000 (10:23 -0600)
commit	720be2eb5f0216564d158dca99c466fac2c16a53
tree	beff1b2539841c4b016a1ccbe01f505b7b473ae3	tree \| snapshot
parent	1c0bf509ef2063d877221dfc018d5be350432557	commit \| diff

libxl: fix double-free of libxl_domain_build_info

On error, libxlMakeDomBuildInfo() frees the caller-provided
libxl_domain_build_info struct embedded in libxl_domain_config,
causing a segfault

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f9c13020700 (LWP 40988)]
(gdb) bt
0  0x00007f9c162f95b4 in free () from /lib64/libc.so.6
1  0x00007f9c0d0965ad in libxl_bitmap_dispose () from
   /usr/lib64/libxenlight.so.4.4
2  0x00007f9c0d0a73bf in libxl_domain_build_info_dispose ()
   from /usr/lib64/libxenlight.so.4.4
3  0x00007f9c0d0a7974 in libxl_domain_config_dispose () from
   /usr/lib64/libxenlight.so.4.4
4  0x00007f9c0d2e00c5 in libxlDomainStart (driver=0x7f9c0400e4e0,
   vm=0x7f9c0412b0d0, start_paused=false, restore_fd=-1) at
   libxl/libxl_domain.c:1323
5  0x00007f9c0d2e1d4b in libxlDomainCreateXML (conn=0x7f9c000009a0,...)
   at libxl/libxl_driver.c:660

Remove the call to libxl_domain_build_info_dispose() from
libxlMakeDomBuildInfo().  On error, callers will dispose the
libxl_domain_config object, which in turn disposes the build info.