debuggers.hg

changeset 22546:46f5b6654436

libxl: fix double free of ifname, when makes args for qemu.

In libxl_build_device_model_args_new, vifs[i].ifname can be freed twice:
once by the gc, and once when the vifs structures are freed. This patch
avoids this.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
committer: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
---
tools/libxl/libxl.c | 10 +++++++---
1 files changed, 7 insertions(+), 3 deletions(-)
author Anthony PERARD <anthony.perard@citrix.com>
date Mon Dec 13 17:58:20 2010 +0000 (2010-12-13)
parents a5a0817d9210
children cb75d32db0d6
files tools/libxl/libxl.c
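--- a/tools/libxl/libxl.c	Mon Dec 13 17:39:27 2010 +0000
+++ b/tools/libxl/libxl.c	Mon Dec 13 17:58:20 2010 +0000
@@ -1341,14 +1341,18 @@ static char ** libxl_build_device_model_
                 char *smac = libxl__sprintf(gc, "%02x:%02x:%02x:%02x:%02x:%02x",
                                            vifs[i].mac[0], vifs[i].mac[1], vifs[i].mac[2],
                                            vifs[i].mac[3], vifs[i].mac[4], vifs[i].mac[5]);
-                if (!vifs[i].ifname)
-                    vifs[i].ifname = libxl__sprintf(gc, "tap%d.%d", info->domid, vifs[i].devid);
+                char *ifname;
+                if (!vifs[i].ifname) {
+                    ifname = libxl__sprintf(gc, "tap%d.%d", info->domid, vifs[i].devid);
+                } else {
+                    ifname = vifs[i].ifname;
+                }
                 flexarray_set(dm_args, num++, "-net");
                 flexarray_set(dm_args, num++, libxl__sprintf(gc, "nic,vlan=%d,macaddr=%s,model=%s",
                             vifs[i].devid, smac, vifs[i].model));
                 flexarray_set(dm_args, num++, "-net");
                 flexarray_set(dm_args, num++, libxl__sprintf(gc, "tap,vlan=%d,ifname=%s,script=no",
-                            vifs[i].devid, vifs[i].ifname));
+                            vifs[i].devid, ifname));
                 ioemu_vifs++;
             }
         }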
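Review bot: The caller-supplied `vifs[i].ifname` is still interpolated unchecked into the comma-separated `tap,vlan=%d,ifname=%s,script=no` argument, so a name containing a comma would be parsed by qemu as additional sub-options. If this field can originate from a domain configuration that is not fully trusted, it should be validated before the `libxl__sprintf` call (length within `IFNAMSIZ`, no `,` or whitespace), failing through the function's error path, which lies outside this hunk. The same applies to `vifs[i].model` in the `nic,` line above. A comment at the new declaration, `/* borrowed from vifs[i] or gc-owned; never free() and never store back into vifs[i] */`, would also record the ownership rule this fix relies on. Since the generated `tap%d.%d` default is no longer written back to `vifs[i].ifname`, it is worth confirming that no code outside the hunk reads that field expecting the default.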