From b050781292056a3a1b5d05ddf28a5e71d8ee408d Mon Sep 17 00:00:00 2001 From: Gianni Tedesco Date: Fri, 10 Sep 2010 18:49:00 +0100 Subject: [PATCH] libxl: don't leak gc pointers to caller's structs; prevent double free libxl_build_device_model uses a pointer in a caller supplied data structure to synthesize a vif-name if one is not supplied. This is bad juju because the caller may want to free this pointer but by the time it get's a chance the gc has already done so. Switch to using a local variable for this pointer and avoid a double-free in the domain create path. Gianni Tedesco Signed-off-by: Ian Jackson --- tools/libxl/libxl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c index d5e44e6a86..5e5c482347 100644 --- a/tools/libxl/libxl.c +++ b/tools/libxl/libxl.c @@ -1190,14 +1190,17 @@ static char ** libxl_build_device_model_args_old(libxl__gc *gc, char *smac = libxl__sprintf(gc, "%02x:%02x:%02x:%02x:%02x:%02x", vifs[i].mac[0], vifs[i].mac[1], vifs[i].mac[2], vifs[i].mac[3], vifs[i].mac[4], vifs[i].mac[5]); + char *ifname; if (!vifs[i].ifname) - vifs[i].ifname = libxl__sprintf(gc, "tap%d.%d", info->domid, vifs[i].devid); + ifname = libxl__sprintf(gc, "tap%d.%d", info->domid, vifs[i].devid); + else + ifname = vifs[i].ifname; flexarray_set(dm_args, num++, "-net"); flexarray_set(dm_args, num++, libxl__sprintf(gc, "nic,vlan=%d,macaddr=%s,model=%s", vifs[i].devid, smac, vifs[i].model)); flexarray_set(dm_args, num++, "-net"); flexarray_set(dm_args, num++, libxl__sprintf(gc, "tap,vlan=%d,ifname=%s,bridge=%s,script=no", - vifs[i].devid, vifs[i].ifname, vifs[i].bridge)); + vifs[i].devid, ifname, vifs[i].bridge)); ioemu_vifs++; } } -- 2.30.2