NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

conf: Fix out-of-bounds write during cleanup of virDomainNumaDefNodeDistanceParseXML

Browse Source 
mem_nodes[i].ndistances is written outside the loop causing an out-of-bounds
write leading to heap corruption.

While we are at it, the entire cleanup portion can be removed as it can be
handled in virDomainNumaFree. One instance of VIR_FREE is also removed and
replaced with g_autofree.

This patch also adds a testcase which would be picked up by ASAN, if this
portion regresses.

Fixes: 742494eed8
Signed-off-by: Rayhan Faizel <rayhan.faizel@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
Rayhan Faizel
2024-07-04 15:22:07 +05:30
committed by Michal Privoznik
parent d666426718
commit 1ebb892472
4 changed files with 40 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tests/qemuxmlconfdata/cpu-numa-distance-nonexistent-sibling.x86_64-latest.err Normal file
View File

@@ -0,0 +1 @@
XML error: 'sibling_id 2' does not refer to a valid cell within NUMA 'cell id 1'

29
tests/qemuxmlconfdata/cpu-numa-distance-nonexistent-sibling.xml Normal file
View File

@@ -0,0 +1,29 @@
<domain type='qemu'>
<name>QEMUGuest1</name>
<uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
<memory unit='KiB'>219100</memory>
<currentMemory unit='KiB'>219100</currentMemory>
<vcpu placement='static'>16</vcpu>
<os>
<type arch='x86_64' machine='pc'>hvm</type>
<boot dev='network'/>
</os>
<cpu>
<topology sockets='2' dies='1' cores='4' threads='2'/>
<numa>
<cell id='1' cpus='8-15' memory='109550' unit='KiB'>
<distances>
<sibling id='2' value='10'/>
</distances>
</cell>
<cell id='0' cpus='0-7' memory='109550' unit='KiB'/>
</numa>
</cpu>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
</devices>
</domain>

1
tests/qemuxmlconftest.c
View File

@@ -2160,6 +2160,7 @@ mymain(void)
DO_TEST_CAPS_LATEST_PARSE_ERROR("cpu-numa3");
DO_TEST_CAPS_LATEST("cpu-numa-disjoint");
DO_TEST_CAPS_LATEST("cpu-numa-memshared");
DO_TEST_CAPS_LATEST_PARSE_ERROR("cpu-numa-distance-nonexistent-sibling");
/* host-model cpu expansion depends on the cpu reported by qemu and thus
* we invoke it for all real capability dumps we have */