680289 – off-by-one in virFileAbsPath can lead to memory corruption [5.7]

Bug 680289 - off-by-one in virFileAbsPath can lead to memory corruption [5.7]

Summary: off-by-one in virFileAbsPath can lead to memory corruption [5.7]

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	5.7
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Michal Privoznik
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:	680281
Blocks:	807971
TreeView+	depends on / blocked

Reported:	2011-02-24 22:32 UTC by Eric Blake
Modified:	2015-09-28 02:32 UTC (History)
CC List:	11 users (show)
Fixed In Version:	libvirt-0.8.2-26.el5
Doc Type:	Bug Fix
Doc Text:
Clone Of:	680281
Environment:
Last Closed:	2013-01-08 04:56:33 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:0127	0	normal	SHIPPED_LIVE	Low: libvirt security and bug fix update	2013-01-08 09:21:34 UTC

Comment 3 RHEL Program Management 2012-03-30 14:17:48 UTC

This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.

Comment 6 Michal Privoznik 2012-04-30 08:25:24 UTC

Moving to POST:

http://post-office.corp.redhat.com/archives/rhvirt-patches/2012-April/msg00884.html

Comment 9 zhe peng 2012-06-26 05:43:24 UTC

can reproduce this with:
libvirt-0.8.2-25.el5
kvm-83-249.el5
kernel-2.6.18-308.el5
valgrind-3.5.0-5.el5

verify with:
libvirt-0.8.2-26.el5
kvm-83-254.el5
kernel-2.6.18-321.el5

step:
# LIBVIRT_LOG_OUTPUTS='4:file:log' valgrind virsh version

==4259== Memcheck, a memory error detector
==4259== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==4259== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==4259== Command: virsh version
==4259== 
Compiled against library: libvir 0.8.2
Using library: libvir 0.8.2
Using API: QEMU 0.8.2
Running hypervisor: QEMU 0.9.1

==4259== Warning: invalid file descriptor -1 in syscall close()
==4259== 
==4259== HEAP SUMMARY:
==4259==     in use at exit: 21,631 bytes in 386 blocks
==4259==   total heap usage: 616 allocs, 230 frees, 1,977,444 bytes allocated
==4259== 
==4259== LEAK SUMMARY:
==4259==    definitely lost: 11 bytes in 1 blocks
==4259==    indirectly lost: 0 bytes in 0 blocks
==4259==      possibly lost: 0 bytes in 0 blocks
==4259==    still reachable: 21,620 bytes in 385 blocks
==4259==         suppressed: 0 bytes in 0 blocks
==4259== Rerun with --leak-check=full to see details of leaked memory
==4259== 
==4259== For counts of detected and suppressed errors, rerun with: -v
==4259== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 4 from 4)

no error detected,verification passed.move to verified.

Comment 11 errata-xmlrpc 2013-01-08 04:56:33 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0127.html

Note You need to log in before you can comment on or make changes to this bug.