[Pkg-libvirt-maintainers] Bug#565983: Bug#565983: libvirt-bin: libvirtd crashes when accessed through virt-manager
Luca Tettamanti
kronos.it at gmail.com
Mon Jan 25 21:23:49 UTC 2010

On Mon, Jan 25, 2010 at 06:13:08PM +0100, Luca Tettamanti wrote:
> In more detail:
>
> (gdb)
> make_nonnull_node_device (server=<value optimized out>, client=<value optimized out>, conn=0x714d60,
> hdr=<value optimized out>, rerr=0x7fffef610e20, args=<value optimized out>, ret=0x7fffef610e70) at remote.c:5401
> 5401 dev_dst->name = strdup(dev_src->name);
> (gdb) p dev_dst
> $4 = <value optimized out>
> (gdb) s
> *__GI___strdup (s=0x5f74736f685f6973 <Address 0x5f74736f685f6973 out of bounds>) at strdup.c:41
> (gdb) l
> 36 #endif
> 37
> 38 /* Duplicate S, returning an identical malloc'd string. */
> 39 char *
> 40 __strdup (const char *s)
> 41 {
> 42 size_t len = strlen (s) + 1;
> 43 void *new = malloc (len);
> 44
> 45 if (new == NULL)
> (gdb) p s
> $5 = 0x5f74736f685f6973 <Address 0x5f74736f685f6973 out of bounds>
>
> So... virNodeDeviceLookupByName returns corrupted data?

Yep.

virGetNodeDevice (conn=0x6dcae0, name=0x6d3120 "storage_model_DVD_RAM_UJ_850S") at datatypes.c:1056
1056 {
[cut]
1065 ret = (virNodeDevicePtr) virHashLookup(conn->nodeDevices, name);
(gdb)
1066 if (ret == NULL) {
(gdb) p ret
$26 = (virNodeDevicePtr) 0x0
(gdb) p ret
$28 = (virNodeDevicePtr) 0x6d2570
(gdb) p *ret
$29 = {magic = 1601463662, refs = 1886220131, conn = 0x6f6f6c5f72657475,
name = 0x6b63616270 <Address 0x6b63616270 out of bounds>, parent = 0x0}

So, somehow the hashmap contains a node with corrupted ->name; I tried setting
a watchpoint on ->name, but the node is deallocated almost immediately in
remoteDispatchNodeDeviceLookupByName.

L
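
Added illustration, not part of the original message and not libvirt code: a check of whether the values gdb printed for `*ret` and for the `strdup` argument are ASCII text rather than integers and pointers. The field widths (4, 4, 8, 8 bytes) and the little-endian x86-64 layout are assumptions; `struct field` and `decode_as_text` are hypothetical names.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One struct member as gdb printed it; width in bytes is an assumption
 * (x86-64: 32-bit magic/refs, 64-bit pointers). */
struct field { const char *name; uint64_t value; size_t width; };

/* Values copied from "p *ret" in the message above. */
static const struct field NODE_FIELDS[] = {
    { "magic", 1601463662u,           4 },
    { "refs",  1886220131u,           4 },
    { "conn",  0x6f6f6c5f72657475ULL, 8 },
    { "name",  0x6b63616270ULL,       8 },
};
/* The out-of-bounds pointer handed to strdup() in the quoted backtrace. */
static const struct field STRDUP_ARG = { "s", 0x5f74736f685f6973ULL, 8 };

/* Lay the fields out in little-endian memory order and copy bytes into out
 * until the first NUL. Returns the text length, or -1 if a non-printable
 * byte is met first or out is too small. */
int decode_as_text(const struct field *f, size_t n, char *out, size_t cap)
{
    size_t len = 0;
    if (cap == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        for (size_t b = 0; b < f[i].width; b++) {
            unsigned char c = (unsigned char)(f[i].value >> (8 * b));
            if (c == '\0') { out[len] = '\0'; return (int)len; }
            if (!isprint(c) || len + 1 >= cap) { out[0] = '\0'; return -1; }
            out[len++] = (char)c;
        }
    }
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    char text[64];
    if (decode_as_text(NODE_FIELDS, 4, text, sizeof text) > 0)
        printf("*ret fields as bytes: \"%s\"\n", text);
    if (decode_as_text(&STRDUP_ARG, 1, text, sizeof text) > 0)
        printf("strdup argument as bytes: \"%s\"\n", text);
    return 0;
}
```

Fields that decode to one continuous NUL-terminated string mean the memory at that address currently holds string data rather than a virNodeDevice.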