
Re: [Xen-devel] question about SIGSEGV in datacopier_readable in libxl_aoutil.c [and 1 more messages]



Ian Campbell writes ("Re: [Xen-devel] question about SIGSEGV in 
datacopier_readable in libxl_aoutil.c"):
> On Tue, 2013-09-03 at 15:01 +0800, Chunyan Liu wrote:
> >       if (!buf || buf->used >= sizeof(buf->buf)) {
> >             buf = malloc(sizeof(*buf));
... 
> > ==7510== Syscall param read(buf) points to unaddressable byte(s)
...
> > ==7510==  Address 0x18a409ec is 0 bytes after a block of size 28 alloc'd
> > ==7510==    at 0x4C26FFB: calloc (in 
> > /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> > ==7510==    by 0x14AAECB6: libxl__zalloc (libxl_internal.c:83)
> > ==7510==    by 0x14AB33B0: libxl__datacopier_prefixdata (libxl_aoutils.c:92)

I think this is my fault.  Please try this patch.

Thanks,
Ian.

commit 25cd65c97b733d5892b62c3ffae0887f426398ec
Author: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Date:   Tue Sep 3 13:41:46 2013 +0100

    libxl: Do not generate short block in libxl__datacopier_prefixdata
    
    libxl__datacopier_prefixdata would prepend a deliberately short block
    (not just a half-full one, but one with a short buffer) to the
    dc->bufs queue.  However, this is wrong because datacopier_readable
    will find it and try to continue to fill it up.
    
    Instead, allocate a full-sized buffer.
    
    Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>

diff --git a/tools/libxl/libxl_aoutils.c b/tools/libxl/libxl_aoutils.c
index 983a60a..b4eb6e5 100644
--- a/tools/libxl/libxl_aoutils.c
+++ b/tools/libxl/libxl_aoutils.c
@@ -89,7 +89,7 @@ void libxl__datacopier_prefixdata(libxl__egc *egc, 
libxl__datacopier_state *dc,
 
     assert(len < dc->maxsz - dc->used);
 
-    buf = libxl__zalloc(NOGC, sizeof(*buf) - sizeof(buf->buf) + len);
+    buf = libxl__zalloc(NOGC, sizeof(*buf));
     buf->used = len;
     memcpy(buf->buf, data, len);
 
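Review bot: With the allocation now fixed at sizeof(*buf), the memcpy(buf->buf, data, len) at the end of this hunk has no visible bound tying len to sizeof(buf->buf). The only check, assert(len < dc->maxsz - dc->used), limits len against the copier's overall budget, not against the capacity of a single buffer. The old expression sized the block to len, so any len fit; after this change a len larger than sizeof(buf->buf) would write past the end of the heap block. Suggest adding assert(len <= sizeof(buf->buf)) next to the existing assert, or splitting data across several full-sized buffers if callers can pass more than one buffer's worth. A one-line comment stating that every entry on dc->bufs must be full-sized, because datacopier_readable continues filling a buffer whose used count is below sizeof(buf->buf), would keep the invariant from being broken again.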

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
