Bug 680289

Summary: off-by-one in virFileAbsPath can lead to memory corruption [5.7]
Product: Red Hat Enterprise Linux 5 Reporter: Eric Blake <eblake>
Component: libvirtAssignee: Michal Privoznik <mprivozn>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 5.7CC: dallan, dyuan, eblake, mjenner, mzhan, rwu, virt-maint, whuang, xen-maint, ydu, zpeng
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-0.8.2-26.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 680281 Environment:
Last Closed: 2013-01-08 04:56:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 680281    
Bug Blocks: 807971    

Comment 3 RHEL Program Management 2012-03-30 14:17:48 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Comment 6 Michal Privoznik 2012-04-30 08:25:24 UTC 
Moving to POST:

http://post-office.corp.redhat.com/archives/rhvirt-patches/2012-April/msg00884.html
Comment 9 zhe peng 2012-06-26 05:43:24 UTC 
can reproduce this with:
libvirt-0.8.2-25.el5
kvm-83-249.el5
kernel-2.6.18-308.el5
valgrind-3.5.0-5.el5

verify with:
libvirt-0.8.2-26.el5
kvm-83-254.el5
kernel-2.6.18-321.el5

step:
# LIBVIRT_LOG_OUTPUTS='4:file:log' valgrind virsh version

==4259== Memcheck, a memory error detector
==4259== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==4259== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==4259== Command: virsh version
==4259== 
Compiled against library: libvir 0.8.2
Using library: libvir 0.8.2
Using API: QEMU 0.8.2
Running hypervisor: QEMU 0.9.1

==4259== Warning: invalid file descriptor -1 in syscall close()
==4259== 
==4259== HEAP SUMMARY:
==4259==     in use at exit: 21,631 bytes in 386 blocks
==4259==   total heap usage: 616 allocs, 230 frees, 1,977,444 bytes allocated
==4259== 
==4259== LEAK SUMMARY:
==4259==    definitely lost: 11 bytes in 1 blocks
==4259==    indirectly lost: 0 bytes in 0 blocks
==4259==      possibly lost: 0 bytes in 0 blocks
==4259==    still reachable: 21,620 bytes in 385 blocks
==4259==         suppressed: 0 bytes in 0 blocks
==4259== Rerun with --leak-check=full to see details of leaked memory
==4259== 
==4259== For counts of detected and suppressed errors, rerun with: -v
==4259== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4)

no error detected,verification passed.move to verified.
Comment 11 errata-xmlrpc 2013-01-08 04:56:33 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0127.html