Bug 829107 - valgrind defects some use-after-free errors - virsh change-media
valgrind defects some use-after-free errors - virsh change-media
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt (Show other bugs)
x86_64 Linux
medium Severity medium
: rc
: ---
Assigned To: Osier Yang
Virtualization Bugs
Depends On:
  Show dependency treegraph
Reported: 2012-06-05 22:38 EDT by dyuan
Modified: 2015-09-27 22:21 EDT (History)
9 users (show)

See Also:
Fixed In Version: libvirt-0.9.13-3.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-02-21 02:16:33 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0276 normal SHIPPED_LIVE Moderate: libvirt security, bug fix, and enhancement update 2013-02-20 16:18:26 EST

  None (edit)
Description dyuan 2012-06-05 22:38:37 EDT
Description of problem:
valgrind error for change-media.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. # valgrind -v virsh change-media 3 hdc /var/lib/libvirt/images/foo2.img
==16217== 1 errors in context 1 of 12:
==16217== Invalid read of size 1
==16217==    at 0x4A07804: __GI_strlen (mc_replace_strmem.c:284)
==16217==    by 0x3019F167F6: xdr_string (in /lib64/libc-2.12.so)
==16217==    by 0x3033709E8D: xdr_remote_nonnull_string (remote_protocol.c:31)
==16217==    by 0x303370E5CB: xdr_remote_domain_update_device_flags_args (remote_protocol.c:2028)
==16217==    by 0x30337197D1: virNetMessageEncodePayload (virnetmessage.c:341)
==16217==    by 0x30337135E1: virNetClientProgramCall (virnetclientprogram.c:327)
==16217==    by 0x30336F1EFD: callWithFD (remote_driver.c:4586)
==16217==    by 0x30336F1F7B: call (remote_driver.c:4607)
==16217==    by 0x30336F42F2: remoteDomainUpdateDeviceFlags (remote_client_bodies.h:2865)
==16217==    by 0x30336D46E5: virDomainUpdateDeviceFlags (libvirt.c:9457)
==16217==    by 0x41AEE8: cmdChangeMedia (virsh.c:15249)
==16217==    by 0x413CB4: vshCommandRun (virsh.c:18669)
==16217==  Address 0x4ec5e25 is 0 bytes after a block of size 293 alloc'd
==16217==    at 0x4A04A28: calloc (vg_replace_malloc.c:467)
==16217==    by 0x303364F1DB: virAllocN (memory.c:129)
==16217==    by 0x41A844: vshPrepareDiskXML (virsh.c:15043)
==16217==    by 0x41AECC: cmdChangeMedia (virsh.c:15246)
==16217==    by 0x413CB4: vshCommandRun (virsh.c:18669)
==16217==    by 0x423973: main (virsh.c:20261)

Actual results:
defect errors.

Expected results:
no error.

Additional info:
Comment 2 Osier Yang 2012-06-14 22:20:36 EDT
commit in upstream e3843d7f04. move to POST.
Comment 4 zhpeng 2012-07-24 02:48:15 EDT
Test with libvirt-0.9.13-3.el6

valgrind -v virsh change-media ccc hdc /var/lib/libvirt/images/floppy2.img 2> valgrind.log 
succeeded to complete action update on media

Step same as comment 0.

valgrind.log not include such error, so this is verified.
Comment 5 errata-xmlrpc 2013-02-21 02:16:33 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.