
Re: [Xen-devel] NULL pointer dereference at libxlu_cfg.c:356



On 29/04/15 11:26, Razvan Cojocaru wrote:
Hello,

This happens:

(gdb) r create /etc/xen/4xenwin7.conf
Starting program: /usr/sbin/xl create /etc/xen/4xenwin7.conf
warning: no loadable sections found in added symbol-file system-supplied
DSO at 0x7ffff7ffa000
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Parsing config from /etc/xen/4xenwin7.conf

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7bce695 in xlu_cfg_get_listitem (list=0x633298, entry=0) at
libxlu_cfg.c:356
356         if (list->values[entry]->type != XLU_STRING) return 0;
(gdb) bt
#0  0x00007ffff7bce695 in xlu_cfg_get_listitem (list=0x633298, entry=0)
at libxlu_cfg.c:356
#1  0x000000000040dc41 in parse_config_data
(config_source=0x7fffffffe8af "/etc/xen/4xenwin7.conf",
     config_data=0x632d60 "builder = 'hvm'\ndevice_model_version =
'qemu-xen-traditional'\npae = 1\nmemory = 1024\nmaxmem =
1024\nshadow_memory = 16\nname = '4xenwin7'\nvif = []\n#vif = [
'bridge=xenbr0' ]\n#vif = [ 'bridge=eth0' ]\nacpi"..., config_len=447,
d_config=0x7fffffffdc60) at xl_cmdimpl.c:1814
#2  0x0000000000410bc6 in create_domain (dom_info=0x7fffffffe080) at
xl_cmdimpl.c:2646
#3  0x0000000000417226 in main_create (argc=1, argv=0x7fffffffe678) at
xl_cmdimpl.c:4866
#4  0x00000000004083c3 in main (argc=2, argv=0x7fffffffe670) at xl.c:361
(gdb) p list
$1 = (const XLU_ConfigList *) 0x633298
(gdb) p list->values[entry]
$2 = (XLU_ConfigValue *) 0x0

when using this configuration file:

# cat /etc/xen/4xenwin7.conf
builder = 'hvm'
device_model_version = 'qemu-xen-traditional'
pae = 1
memory = 1024
maxmem = 1024
shadow_memory = 16
name = '4xenwin7'
vif = []
#vif = [ 'bridge=xenbr0' ]
acpi = 1
apic = 1
vcpus = 1
disk = [ 'file:/root/4xenwin7.img,hda,w',
'file:/root/windows7.iso,hdc:cdrom,r' ]
boot = 'c'
sdl = 0
nomigrate = 1
vnc = 1
vncconsole = 1
vncpasswd = ''
serial = 'pipe:/root/debug.pipe'
usbdevice = 'tablet'

It always happens when I switch from vif = [ 'bridge=xenbr0' ] to vif =
[]. If I don't mention vif at all there's no crash.

This happens with Xen 4.6 (master, pulled today). I can submit a patch
to check that list->values[entry] != NULL, but maybe the maintainers
would prefer to go in a different direction with the fix.

As it turns out, the very top commit in staging is a fix for this bug.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
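
Added example, not part of the original thread and not libxlu's code or the staging fix: a list accessor that validates the index and the slot before reading the type field, which is the check proposed in the report. The types and names (cfg_value, cfg_list, cfg_get_listitem, cfg_count_strings) are hypothetical stand-ins, and modelling "vif = []" as a single NULL slot is an assumption based on the gdb output above.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the parser's types; layout is assumed, not libxlu's. */
enum cfg_type { CFG_STRING, CFG_LIST };

struct cfg_value {
    enum cfg_type type;
    const char *string;          /* valid only when type == CFG_STRING */
};

struct cfg_list {
    int nvalues;                 /* number of slots in values[] */
    struct cfg_value **values;   /* a slot may be NULL, as in the gdb session */
};

/* Return the string at index entry, or NULL if there is nothing usable there. */
const char *cfg_get_listitem(const struct cfg_list *list, int entry)
{
    if (!list || !list->values) return NULL;
    if (entry < 0 || entry >= list->nvalues) return NULL;
    const struct cfg_value *v = list->values[entry];
    if (!v) return NULL;                      /* the case that crashed at line 356 */
    if (v->type != CFG_STRING) return NULL;   /* nested list or other non-string */
    return v->string;
}

/* Caller pattern (assumed): walk the list until the accessor reports no item. */
int cfg_count_strings(const struct cfg_list *list)
{
    int n = 0;
    while (cfg_get_listitem(list, n) != NULL) n++;
    return n;
}

int main(void)
{
    /* Constructed inputs: an empty list with one NULL slot, and a one-item list. */
    struct cfg_value *empty_slots[] = { NULL };
    struct cfg_list empty = { 1, empty_slots };
    struct cfg_value bridge = { CFG_STRING, "bridge=xenbr0" };
    struct cfg_value *one_slot[] = { &bridge };
    struct cfg_list one = { 1, one_slot };

    printf("empty: %d item(s)\n", cfg_count_strings(&empty));
    printf("one:   %d item(s), first=%s\n",
           cfg_count_strings(&one), cfg_get_listitem(&one, 0));
    return 0;
}
```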