Your message dated Thu, 11 May 2023 01:00:43 +0200
with message-id <ZFwiG5d28Ko4B+jA@meyneth>
and subject line Re: libvirt-bin: Segfaults in virUUIDParse
has caused the Debian Bug report #716767,
regarding libvirt-bin: Segfaults in virUUIDParse
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
716767: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716767
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libvirt-bin
Version: 0.9.12-11+deb7u1
Severity: normal
Tags: patch
Hello,
From time to time I get a segfault in virUUIDParse, with the following
stack trace:
(gdb) bt
#0 virUUIDParse (uuidstr=0x4 <Address 0x4 out of bounds>,
uuid=uuid@entry=0x7fffc1ebe700
"g5\036\311\003\006\347\\\335\300\376M\327\373\311\343`") at
/build/libvirt-FsA54o/libvirt-0.9.12/./src/util/uuid.c:139
#1 0x00007f0eaa281485 in xenStoreDomainGetUUID (conn=conn@entry=0x12546f0,
id=<optimized out>, uuid=uuid@entry=0x7fffc1ebe700
"g5\036\311\003\006\347\\\335\300\376M\327\373\311\343`") at
/build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1114
#2 0x00007f0eaa2815cf in xenStoreDomainIntroduced (conn=0x12546f0,
path=<optimized out>, token=<optimized out>, opaque=0x1254810) at
/build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1360
#3 0x00007f0eaa27ffdb in xenStoreWatchEvent (watch=<optimized out>,
fd=<optimized out>, events=<optimized out>, data=0x12546f0) at
/build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1300
#4 0x00007f0eaa189e7e in virEventPollDispatchHandles (fds=<optimized out>,
nfds=<optimized out>) at
/build/libvirt-FsA54o/libvirt-0.9.12/./src/util/event_poll.c:490
#5 virEventPollRunOnce () at
/build/libvirt-FsA54o/libvirt-0.9.12/./src/util/event_poll.c:637
#6 0x00007f0eaa1888b7 in virEventRunDefaultImpl () at
/build/libvirt-FsA54o/libvirt-0.9.12/./src/util/event.c:247
#7 0x00007f0eaa25cd7d in virNetServerRun (srv=0xd9fa00) at
/build/libvirt-FsA54o/libvirt-0.9.12/./src/rpc/virnetserver.c:712
#8 0x0000000000423ab1 in main (argc=<optimized out>, argv=<optimized out>) at
/build/libvirt-FsA54o/libvirt-0.9.12/./daemon/libvirtd.c:1138
(gdb) f 1
#1 0x00007f0eaa281485 in xenStoreDomainGetUUID (conn=conn@entry=0x12546f0,
id=<optimized out>, uuid=uuid@entry=0x7fffc1ebe700
"g5\036\311\003\006\347\\\335\300\376M\327\373\311\343`") at
/build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1114
1114 ret = virUUIDParse(uuidstr + 4, uuid);
(gdb) list
1109 /* This will return something like
1110 * /vm/00000000-0000-0000-0000-000000000000 */
1111 uuidstr = xs_read(priv->xshandle, 0, prop, &len);
1112
1113 /* remove "/vm/" */
1114 ret = virUUIDParse(uuidstr + 4, uuid);
1115
1116 VIR_FREE(uuidstr);
1117
1118 return ret;
xs_read() returns NULL and the surrounding code fails to check for this.
The bug happens maybe once a week on various hosts, and I'm not sure how
to reproduce it. It might be triggered by our management tools using
libvirt while another instance is being created/destroyed (i.e. some kind
of race condition).
From a quick glance at the latest code I think this might happen there
too. Regardless of the cause, xs_read can return NULL so the code should
check before using the resulting pointer:
--- libvirt-0.9.12.orig/src/xen/xs_internal.c
+++ libvirt-0.9.12/src/xen/xs_internal.c
@@ -1109,6 +1109,8 @@ int xenStoreDomainGetUUID(virConnectPtr
/* This will return something like
* /vm/00000000-0000-0000-0000-000000000000 */
uuidstr = xs_read(priv->xshandle, 0, prop, &len);
+ if (uuidstr == NULL)
+ return -errno;
/* remove "/vm/" */
ret = virUUIDParse(uuidstr + 4, uuid);
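Review bot: the added early return uses "return -errno;", while the only other return path visible here hands back the result of virUUIDParse, so the function would end up with two different error conventions. errno is also not guaranteed to be non-zero at that point, in which case -errno evaluates to 0, which a caller could read as success with uuid left unfilled. Suggest returning one fixed failure value consistent with what virUUIDParse returns on error. Separately, "uuidstr + 4" still assumes the value read is at least four bytes long; len is already filled in by xs_read and could be checked before skipping the "/vm/" prefix, so a short or empty value does not make the parser start past the end of the buffer.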
What do you think?
Thanks,
Luca
-- System Information:
Debian Release: 7.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libvirt-bin depends on:
ii adduser 3.113+nmu3
ii gettext-base 0.18.1.1-9
ii libavahi-client3 0.6.31-2
ii libavahi-common3 0.6.31-2
ii libblkid1 2.20.1-5.3
ii libc6 2.13-38
ii libcap-ng0 0.6.6-2
ii libdbus-1-3 1.6.8-1+deb7u1
ii libdevmapper1.02.1 2:1.02.74-7
ii libgcrypt11 1.5.0-5
ii libgnutls26 2.12.20-7
ii libnetcf1 0.1.9-2
ii libnl1 1.1-7
ii libnuma1 2.0.8~rc4-1
ii libparted0debian1 2.3-12
ii libpcap0.8 1.3.0-1
ii libpciaccess0 0.13.1-2
ii libreadline6 6.2+dfsg-0.1
ii libsasl2-2 2.1.25.dfsg1-6+deb7u1
ii libudev0 175-7.2
ii libvirt0 0.9.12-11+deb7u1
ii libxenstore3.0 4.1.4-3+deb7u1
ii libxml2 2.8.0+dfsg1-7+nmu1
ii libyajl2 2.0.4-2
ii logrotate 3.8.1-4
Versions of packages libvirt-bin recommends:
ii bridge-utils 1.5-6
ii dmidecode 2.11-9
ii dnsmasq-base 2.62-3+deb7u1
ii ebtables 2.0.10.4-1
ii gawk 1:4.0.1+dfsg-2.1
ii iproute 20120521-3+b3
ii iptables 1.4.14-3.1
ii libxml2-utils 2.8.0+dfsg1-7+nmu1
ii netcat-openbsd 1.105-7
ii parted 2.3-12
ii qemu 1.1.2+dfsg-6a
ii qemu-kvm 1.1.2+dfsg-6
Versions of packages libvirt-bin suggests:
ii policykit-1 0.105-3
pn radvd <none>
-- Configuration Files:
/etc/default/libvirt-bin changed:
ulimit -c unlimited
start_libvirtd="yes"
libvirtd_opts="-d"
-- no debconf information
--- End Message ---
--- Begin Message ---
Package: libvirt
Version: 5.0.0-1
As pointed out by Christian, the problematic code is long gone.
Closing.
--
Andrea Bolognani <[email protected]>
Resistance is futile, you will be garbage collected.
--- End Message ---