[Pkg-libvirt-maintainers] Bug#716767: libvirt-bin: Segfaults in virUUIDParse

Luca Tettamanti ltettamanti at acunu.com
Fri Jul 12 13:14:15 UTC 2013 

Package: libvirt-bin
Version: 0.9.12-11+deb7u1
Severity: normal
Tags: patch

Hello,
>From time to time I get a segfault in virUUIDParse, with the following
stack trace:

(gdb) bt
#0  virUUIDParse (uuidstr=0x4 <Address 0x4 out of bounds>, uuid=uuid at entry=0x7fffc1ebe700 "g5\036\311\003\006\347\\\335\300\376M\327\373\311\343`") at /build/libvirt-FsA54o/libvirt-0.9.12/./src/util/uuid.c:139
#1  0x00007f0eaa281485 in xenStoreDomainGetUUID conn=conn at entry=0x12546f0, id=<optimized out>, uuid=uuid at entry=0x7fffc1ebe700 "g5\036\311\003\006\347\\\335\300\376M\327\373\311\343`") at /build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1114
#2  0x00007f0eaa2815cf in xenStoreDomainIntroduced (conn=0x12546f0, path=<optimized out>, token=<optimized out>, opaque=0x1254810) at /build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1360
#3  0x00007f0eaa27ffdb in xenStoreWatchEvent (watch=<optimized out>, fd=<optimized out>, events=<optimized out>, data=0x12546f0) at /build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1300
#4  0x00007f0eaa189e7e in virEventPollDispatchHandles (fds=<optimized out>, nfds=<optimized out>) at /build/libvirt-FsA54o/libvirt-0.9.12/./src/util/event_poll.c:490
#5  virEventPollRunOnce () at /build/libvirt-FsA54o/libvirt-0.9.12/./src/util/event_poll.c:637
#6  0x00007f0eaa1888b7 in virEventRunDefaultImpl () at /build/libvirt-FsA54o/libvirt-0.9.12/./src/util/event.c:247
#7  0x00007f0eaa25cd7d in virNetServerRun (srv=0xd9fa00) at /build/libvirt-FsA54o/libvirt-0.9.12/./src/rpc/virnetserver.c:712
#8  0x0000000000423ab1 in main (argc=<optimized out>, argv=<optimized out>) at /build/libvirt-FsA54o/libvirt-0.9.12/./daemon/libvirtd.c:1138
(gdb) f 1
#1  0x00007f0eaa281485 in xenStoreDomainGetUUID (conn=conn at entry=0x12546f0, id=<optimized out>, uuid=uuid at entry=0x7fffc1ebe700 "g5\036\311\003\006\347\\\335\300\376M\327\373\311\343`")     at /build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1114
1114        ret = virUUIDParse(uuidstr + 4, uuid);
(gdb) list
1109        /* This will return something like
1110         * /vm/00000000-0000-0000-0000-000000000000 */
1111        uuidstr = xs_read(priv->xshandle, 0, prop, &len);
1112
1113        /* remove "/vm/" */
1114        ret = virUUIDParse(uuidstr + 4, uuid);
1115
1116        VIR_FREE(uuidstr);
1117
1118        return ret;

xs_read() returns NULL and the surrounding code fails to check for this.

The bug happens maybe once a week on various hosts, and I'm not sure how
to reproduce it. It might be triggered by our management tools using
libvirt while another instace is being created/destroyed (i.e. some kind
of race condition).

For a quick glance to the latest code I think this might happend there
too. Regardless of the cause, xs_read can return NULL so the code should
check before using the resulting pointer:

--- libvirt-0.9.12.orig/src/xen/xs_internal.c
+++ libvirt-0.9.12/src/xen/xs_internal.c
@@ -1109,6 +1109,8 @@ int xenStoreDomainGetUUID(virConnectPtr
     /* This will return something like
      * /vm/00000000-0000-0000-0000-000000000000 */
     uuidstr = xs_read(priv->xshandle, 0, prop, &len);
+    if (uuidstr == NULL)
+        return -errno;
 
     /* remove "/vm/" */
     ret = virUUIDParse(uuidstr + 4, uuid);

What do you think?

Thanks,
Luca

-- System Information:
Debian Release: 7.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libvirt-bin depends on:
ii  adduser             3.113+nmu3
ii  gettext-base        0.18.1.1-9
ii  libavahi-client3    0.6.31-2
ii  libavahi-common3    0.6.31-2
ii  libblkid1           2.20.1-5.3
ii  libc6               2.13-38
ii  libcap-ng0          0.6.6-2
ii  libdbus-1-3         1.6.8-1+deb7u1
ii  libdevmapper1.02.1  2:1.02.74-7
ii  libgcrypt11         1.5.0-5
ii  libgnutls26         2.12.20-7
ii  libnetcf1           0.1.9-2
ii  libnl1              1.1-7
ii  libnuma1            2.0.8~rc4-1
ii  libparted0debian1   2.3-12
ii  libpcap0.8          1.3.0-1
ii  libpciaccess0       0.13.1-2
ii  libreadline6        6.2+dfsg-0.1
ii  libsasl2-2          2.1.25.dfsg1-6+deb7u1
ii  libudev0            175-7.2
ii  libvirt0            0.9.12-11+deb7u1
ii  libxenstore3.0      4.1.4-3+deb7u1
ii  libxml2             2.8.0+dfsg1-7+nmu1
ii  libyajl2            2.0.4-2
ii  logrotate           3.8.1-4

Versions of packages libvirt-bin recommends:
ii  bridge-utils    1.5-6
ii  dmidecode       2.11-9
ii  dnsmasq-base    2.62-3+deb7u1
ii  ebtables        2.0.10.4-1
ii  gawk            1:4.0.1+dfsg-2.1
ii  iproute         20120521-3+b3
ii  iptables        1.4.14-3.1
ii  libxml2-utils   2.8.0+dfsg1-7+nmu1
ii  netcat-openbsd  1.105-7
ii  parted          2.3-12
ii  qemu            1.1.2+dfsg-6a
ii  qemu-kvm        1.1.2+dfsg-6

Versions of packages libvirt-bin suggests:
ii  policykit-1  0.105-3
pn  radvd        <none>

-- Configuration Files:
/etc/default/libvirt-bin changed:
ulimit -c unlimited
start_libvirtd="yes"
libvirtd_opts="-d"


-- no debconf information

More information about the Pkg-libvirt-maintainers mailing list