Red Hat Bugzilla – Bug 819636
virsh heap corruption due to bad memmove
Last modified: 2012-06-20 02:58:12 EDT
Description of problem:
Commit 35d52b56 (backported to 6.2 via bug 638510) had an off-by-three memmove, which can be used to cause a glibc abort.

Version-Release number of selected component (if applicable):
libvirt-0.9.10-16.el6

How reproducible:
100%

Steps to Reproduce:
1. $ valgrind virsh -c test:///default snapshot-create-as test --print-xml --diskspec vda,file=a,,b
2.
3.

Actual results:
Note the 'invalid write of size 1' errors. Running with MALLOC_PERTURB_ set to non-zero values can also be used to provoke heap corruption.

Expected results:
No invalid reads or writes.

Additional info:
Upstream patch: https://www.redhat.com/archives/libvir-list/2012-May/msg00398.html
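An added illustration, not part of the report and not libvirt's code: the byte count for an in-place removal of one comma from a ",," pair, and how far a count that is three too large writes past the buffer. The function names are hypothetical, and it is assumed that ",," escapes a single literal comma and that the off-by-three count was three bytes too long, which is consistent with the invalid writes valgrind reports.

```c
#include <stdio.h>
#include <string.h>

/* Bytes to move when dropping the second comma of a ",," pair that starts
 * at offset pos in a string of length len: the tail after the pair + NUL. */
static size_t tail_len(size_t len, size_t pos)
{
    return len - (pos + 2) + 1;
}

/* How many bytes a memmove of n bytes to offset pos + 1 would write past
 * the end of the len + 1 byte buffer (0 means the write stays in bounds). */
static size_t write_overrun(size_t len, size_t pos, size_t n)
{
    size_t end = pos + 1 + n;
    return end > len + 1 ? end - (len + 1) : 0;
}

/* Collapse every ",," into a literal "," in place; returns the new length. */
static size_t unescape_commas(char *s)
{
    size_t len = strlen(s);
    char *p = s;

    while ((p = strchr(p, ',')) != NULL) {
        if (p[1] == ',') {
            memmove(p + 1, p + 2, tail_len(len, (size_t)(p - s)));
            len--;
        }
        p++;   /* step past the comma that was kept */
    }
    return len;
}

int main(void)
{
    char spec[] = "vda,file=a,,b";   /* the --diskspec value from the report */
    size_t ok = tail_len(13, 10);    /* pair at offset 10, length 13 */

    printf("correct count %zu, overrun %zu\n", ok, write_overrun(13, 10, ok));
    printf("count + 3 overrun %zu\n", write_overrun(13, 10, ok + 3));
    unescape_commas(spec);
    printf("%s\n", spec);
    return 0;
}
```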
In POST: http://post-office.corp.redhat.com/archives/rhvirt-patches/2012-May/msg00156.html
Verified this bug with libvirt-0.9.10-18.el6.x86_64: there is no "invalid write of size 1" error.

# valgrind virsh -c test:///default snapshot-create-as test --print-xml --diskspec vda,file=a,,b
...
==29018== HEAP SUMMARY:
==29018==     in use at exit: 127,906 bytes in 1,362 blocks
==29018==   total heap usage: 6,496 allocs, 5,134 frees, 850,278 bytes allocated
==29018==
==29018== LEAK SUMMARY:
==29018==    definitely lost: 0 bytes in 0 blocks
==29018==    indirectly lost: 0 bytes in 0 blocks
==29018==      possibly lost: 0 bytes in 0 blocks
==29018==    still reachable: 127,906 bytes in 1,362 blocks
==29018==         suppressed: 0 bytes in 0 blocks
==29018== Rerun with --leak-check=full to see details of leaked memory
==29018==
==29018== For counts of detected and suppressed errors, rerun with: -v
==29018== Use --track-origins=yes to see where uninitialised values come from
==29018== ERROR SUMMARY: 45 errors from 10 contexts (suppressed: 8 from 6)
Move it to VERIFIED per Comment 4.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0748.html