diff options
| author | Richard W.M. Jones <rjones@redhat.com> | 2012-02-13 08:58:04 +0000 |
|---|---|---|
| committer | Richard W.M. Jones <rjones@redhat.com> | 2012-02-13 13:49:21 +0000 |
| commit | ba443ae0486ae30ea597c4e126de63371f8fa7a8 (patch) | |
| tree | 333ab9167181e587cf70ad46a973c34b7636e9e5 | |
| parent | c8a11468c4dc761acdcb9b184d345bafe1b5114d (diff) | |
| download | libguestfs-ba443ae0486ae30ea597c4e126de63371f8fa7a8.tar.gz libguestfs-ba443ae0486ae30ea597c4e126de63371f8fa7a8.tar.xz libguestfs-ba443ae0486ae30ea597c4e126de63371f8fa7a8.zip | |
daemon: Don't xdr_free uninitialized args struct on error paths.
For stubs of functions that had arguments, code did this:
static void
mount_stub (XDR *xdr_in)
{
int r;
struct guestfs_mount_args args;
if (optargs_bitmask != 0) {
//...
goto done;
}
// possibly other tests here
memset (&args, 0, sizeof args);
[...]
done:
xdr_free ((xdrproc_t) xdr_guestfs_mount_args, (char *) &args);
return;
}
This caused xdr_free to be called on uninitialized 'args' struct,
causing a segfault.
The fix is to add another label, so the code looks like:
static void
mount_stub (XDR *xdr_in)
{
int r;
struct guestfs_mount_args args;
if (optargs_bitmask != 0) {
//...
goto done_no_free;
}
// possibly other tests here
memset (&args, 0, sizeof args);
[...]
done:
xdr_free ((xdrproc_t) xdr_guestfs_mount_args, (char *) &args);
done_no_free:
return;
}
This fixes commit 330fbea5b2d6bd7db84f7ea7afe87cf1bcd438e0
and commit 0344248af55802bbbd816b349ec1ba9305996f6e.
| -rw-r--r-- | generator/generator_daemon.ml | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/generator/generator_daemon.ml b/generator/generator_daemon.ml index 0eb2446a..8c960619 100644 --- a/generator/generator_daemon.ml +++ b/generator/generator_daemon.ml @@ -136,7 +136,7 @@ and generate_daemon_actions () = pr " \"build of libguestfs. Read 'AVAILABILITY' in the guestfs(3) man page for\\n\"\n"; pr " \"how to check for the availability of features.\",\n"; pr " \"%s\");\n" group; - pr " goto done;\n"; + pr " goto done_no_free;\n"; pr " }\n"; pr "\n" | _ -> () @@ -154,14 +154,14 @@ and generate_daemon_actions () = if is_filein then pr " cancel_receive ();\n"; pr " reply_with_error (\"unknown option in optional arguments bitmask (this can happen if a program is compiled against a newer version of libguestfs, then run against an older version of the daemon)\");\n"; - pr " goto done;\n"; + pr " goto done_no_free;\n"; pr " }\n"; ) else ( pr " if (optargs_bitmask != 0) {\n"; if is_filein then pr " cancel_receive ();\n"; pr " reply_with_error (\"header optargs_bitmask field must be passed as 0 for calls that don't take optional arguments\");\n"; - pr " goto done;\n"; + pr " goto done_no_free;\n"; pr " }\n"; ); pr "\n"; @@ -339,6 +339,7 @@ and generate_daemon_actions () = pr " xdr_free ((xdrproc_t) xdr_guestfs_%s_args, (char *) &args);\n" name ); + pr "done_no_free:\n"; pr " return;\n"; pr "}\n\n"; ) daemon_functions; |