[Pkg-libvirt-maintainers] Bug#716767: libvirt-bin: Segfaults in virUUIDParse
Luca Tettamanti
ltettamanti at acunu.com
Fri Jul 12 13:14:15 UTC 2013
Package: libvirt-bin
Version: 0.9.12-11+deb7u1
Severity: normal
Tags: patch
Hello,
From time to time I get a segfault in virUUIDParse, with the following
stack trace:
(gdb) bt
#0 virUUIDParse (uuidstr=0x4 <Address 0x4 out of bounds>, uuid=uuid@entry=0x7fffc1ebe700 "g5\036\311\003\006\347\\\335\300\376M\327\373\311\343`") at /build/libvirt-FsA54o/libvirt-0.9.12/./src/util/uuid.c:139
#1 0x00007f0eaa281485 in xenStoreDomainGetUUID (conn=conn@entry=0x12546f0, id=<optimized out>, uuid=uuid@entry=0x7fffc1ebe700 "g5\036\311\003\006\347\\\335\300\376M\327\373\311\343`") at /build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1114
#2 0x00007f0eaa2815cf in xenStoreDomainIntroduced (conn=0x12546f0, path=<optimized out>, token=<optimized out>, opaque=0x1254810) at /build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1360
#3 0x00007f0eaa27ffdb in xenStoreWatchEvent (watch=<optimized out>, fd=<optimized out>, events=<optimized out>, data=0x12546f0) at /build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1300
#4 0x00007f0eaa189e7e in virEventPollDispatchHandles (fds=<optimized out>, nfds=<optimized out>) at /build/libvirt-FsA54o/libvirt-0.9.12/./src/util/event_poll.c:490
#5 virEventPollRunOnce () at /build/libvirt-FsA54o/libvirt-0.9.12/./src/util/event_poll.c:637
#6 0x00007f0eaa1888b7 in virEventRunDefaultImpl () at /build/libvirt-FsA54o/libvirt-0.9.12/./src/util/event.c:247
#7 0x00007f0eaa25cd7d in virNetServerRun (srv=0xd9fa00) at /build/libvirt-FsA54o/libvirt-0.9.12/./src/rpc/virnetserver.c:712
#8 0x0000000000423ab1 in main (argc=<optimized out>, argv=<optimized out>) at /build/libvirt-FsA54o/libvirt-0.9.12/./daemon/libvirtd.c:1138
(gdb) f 1
#1 0x00007f0eaa281485 in xenStoreDomainGetUUID (conn=conn@entry=0x12546f0, id=<optimized out>, uuid=uuid@entry=0x7fffc1ebe700 "g5\036\311\003\006\347\\\335\300\376M\327\373\311\343`") at /build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1114
1114 ret = virUUIDParse(uuidstr + 4, uuid);
(gdb) list
1109 /* This will return something like
1110 * /vm/00000000-0000-0000-0000-000000000000 */
1111 uuidstr = xs_read(priv->xshandle, 0, prop, &len);
1112
1113 /* remove "/vm/" */
1114 ret = virUUIDParse(uuidstr + 4, uuid);
1115
1116 VIR_FREE(uuidstr);
1117
1118 return ret;
xs_read() returns NULL and the surrounding code fails to check for this.

The bug happens maybe once a week on various hosts, and I'm not sure how
to reproduce it. It might be triggered by our management tools using
libvirt while another instance is being created/destroyed (i.e. some kind
of race condition).

From a quick glance at the latest code I think this might happen there
too. Regardless of the cause, xs_read can return NULL so the code should
check before using the resulting pointer:
--- libvirt-0.9.12.orig/src/xen/xs_internal.c
+++ libvirt-0.9.12/src/xen/xs_internal.c
@@ -1109,6 +1109,8 @@ int xenStoreDomainGetUUID(virConnectPtr
/* This will return something like
* /vm/00000000-0000-0000-0000-000000000000 */
uuidstr = xs_read(priv->xshandle, 0, prop, &len);
+ if (uuidstr == NULL)
+ return -errno;
/* remove "/vm/" */
ret = virUUIDParse(uuidstr + 4, uuid);
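Review bot: the added `if (uuidstr == NULL)` check stops the NULL dereference, but the following `virUUIDParse(uuidstr + 4, uuid)` still never looks at `len`, so a value shorter than the "/vm/" prefix would hand the parser a pointer past the end of the buffer. Suggest also rejecting `len < 4` (freeing uuidstr on that path) and confirming the prefix before skipping it. Separately, `return -errno` depends on xs_read having set errno; if errno is 0 at that point the function returns 0 with `uuid` unfilled, so a fixed negative return value would be safer.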
What do you think?
Thanks,
Luca
-- System Information:
Debian Release: 7.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libvirt-bin depends on:
ii adduser 3.113+nmu3
ii gettext-base 0.18.1.1-9
ii libavahi-client3 0.6.31-2
ii libavahi-common3 0.6.31-2
ii libblkid1 2.20.1-5.3
ii libc6 2.13-38
ii libcap-ng0 0.6.6-2
ii libdbus-1-3 1.6.8-1+deb7u1
ii libdevmapper1.02.1 2:1.02.74-7
ii libgcrypt11 1.5.0-5
ii libgnutls26 2.12.20-7
ii libnetcf1 0.1.9-2
ii libnl1 1.1-7
ii libnuma1 2.0.8~rc4-1
ii libparted0debian1 2.3-12
ii libpcap0.8 1.3.0-1
ii libpciaccess0 0.13.1-2
ii libreadline6 6.2+dfsg-0.1
ii libsasl2-2 2.1.25.dfsg1-6+deb7u1
ii libudev0 175-7.2
ii libvirt0 0.9.12-11+deb7u1
ii libxenstore3.0 4.1.4-3+deb7u1
ii libxml2 2.8.0+dfsg1-7+nmu1
ii libyajl2 2.0.4-2
ii logrotate 3.8.1-4
Versions of packages libvirt-bin recommends:
ii bridge-utils 1.5-6
ii dmidecode 2.11-9
ii dnsmasq-base 2.62-3+deb7u1
ii ebtables 2.0.10.4-1
ii gawk 1:4.0.1+dfsg-2.1
ii iproute 20120521-3+b3
ii iptables 1.4.14-3.1
ii libxml2-utils 2.8.0+dfsg1-7+nmu1
ii netcat-openbsd 1.105-7
ii parted 2.3-12
ii qemu 1.1.2+dfsg-6a
ii qemu-kvm 1.1.2+dfsg-6
Versions of packages libvirt-bin suggests:
ii policykit-1 0.105-3
pn radvd <none>
-- Configuration Files:
/etc/default/libvirt-bin changed:
ulimit -c unlimited
start_libvirtd="yes"
libvirtd_opts="-d"
-- no debconf information
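
A stand-alone sketch of the check the report asks for, added here as an example; it is not code from libvirt or from the patch in the message. It goes one step further than the NULL test by also validating length and prefix before skipping "/vm/". The helper name `parse_vm_path_uuid`, its error codes and the sample strings are hypothetical, and `value`/`len` stand in for what `xs_read()` returned.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define VM_PREFIX "/vm/"
#define UUID_STRLEN 36 /* 8-4-4-4-12 hex digits plus four dashes */

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Hypothetical helper: value/len model the buffer and length from xs_read().
 * Returns 0 on success, -ENOENT for a NULL read, -EINVAL for a bad value. */
int parse_vm_path_uuid(const char *value, size_t len, unsigned char uuid[16])
{
    size_t plen = strlen(VM_PREFIX);
    if (value == NULL)
        return -ENOENT;   /* key missing, e.g. domain being torn down */
    if (len < plen + UUID_STRLEN || memcmp(value, VM_PREFIX, plen) != 0)
        return -EINVAL;   /* never index past a short or foreign value */
    const char *p = value + plen;
    size_t out = 0;
    for (size_t i = 0; i < UUID_STRLEN; ) {
        if (i == 8 || i == 13 || i == 18 || i == 23) {
            if (p[i] != '-') return -EINVAL;
            i++;
            continue;
        }
        int hi = hexval((unsigned char)p[i]), lo = hexval((unsigned char)p[i + 1]);
        if (hi < 0 || lo < 0) return -EINVAL;
        uuid[out++] = (unsigned char)(hi << 4 | lo);
        i += 2;
    }
    return 0;
}

int main(void)
{
    unsigned char u[16];
    const char ok[] = "/vm/00112233-4455-6677-8899-aabbccddeeff"; /* constructed */
    printf("valid:     %d\n", parse_vm_path_uuid(ok, strlen(ok), u));
    printf("NULL read: %d\n", parse_vm_path_uuid(NULL, 0, u));
    printf("short:     %d\n", parse_vm_path_uuid("/vm", 3, u));
    return 0;
}
```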