On Mon, Aug 11, 2014 at 03:50:03PM +0900, Hitoshi Mitake wrote:
> Calling error_get_progname() in the context of qemu-io can cause
> segmentation fault because qemu-io doesn't initialize its progname
> with error_set_progname(). This patch adds the initialization.
>
> Cc: Kevin Wolf <kw...@redhat.com>
> Cc: Stefan Hajnoczi <stefa...@redhat.com>
> Signed-off-by: Hitoshi Mitake <mitake.hito...@lab.ntt.co.jp>
> ---
>  qemu-io.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/qemu-io.c b/qemu-io.c
> index b55a550..6f08a91 100644
> --- a/qemu-io.c
> +++ b/qemu-io.c
> @@ -395,6 +395,7 @@ int main(int argc, char **argv)
>  #endif
>
>      progname = basename(argv[0]);
> +    error_set_progname(progname);
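Review bot: the added `error_set_progname(progname);` stores a pointer that the preceding line obtained from `basename(argv[0])`, and basename(3) may return a pointer to statically allocated memory that a later call overwrites; because error_set_progname() keeps the pointer rather than copying the string, the saved program name can silently change. Pass `argv[0]` directly, as vl.c does, so the stored pointer refers to memory that lives for the whole process. The commit message should also say that qemu-io does not currently call error_get_progname(), so the described segmentation fault cannot occur in practice today and the change is preparatory.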
From the basename(3) man page:

  These functions may return pointers to statically allocated memory
  which may be overwritten by subsequent calls.

Since error_set_progname() does not copy its argument, it is not safe to
pass the basename(3) return value.  Just pass in argv[0] like vl.c does.

Please also update the commit description to make it clear that qemu-io
currently does not use error_get_progname() so the crash doesn't occur in
practice (I guess you discovered it while modifying the code).