Xen project Mailing List

Re: [Xen-devel] question about SIGSEGV in datacopier_readable in libxl_aoutil.c [and 1 more messages]

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>

From: Chunyan Liu <cyliu@xxxxxxxx>

Date: Wed, 4 Sep 2013 16:15:11 +0800

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Ian Campbell <Ian.Campbell@xxxxxxxxxx>

Delivery-date: Wed, 04 Sep 2013 08:15:53 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

2013/9/3 Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>

Ian Campbell writes ("Re: [Xen-devel] question about SIGSEGV in datacopier_readable in libxl_aoutil.c"):
> On Tue, 2013-09-03 at 15:01 +0800, Chunyan Liu wrote:
> > Â Â Â if (!buf || buf->used >= sizeof(buf->buf)) {
> > Â Â Â Â Â Â buf = malloc(sizeof(*buf));
...
> > ==7510== Syscall param read(buf) points to unaddressable byte(s)
...
> > ==7510== ÂAddress 0x18a409ec is 0 bytes after a block of size 28 alloc'd
> > ==7510== Â Âat 0x4C26FFB: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> > ==7510== Â Âby 0x14AAECB6: libxl__zalloc (libxl_internal.c:83)
> > ==7510== Â Âby 0x14AB33B0: libxl__datacopier_prefixdata (libxl_aoutils.c:92)

I think this is my fault. ÂPlease try this patch.

Thanks,
Ian.

commit 25cd65c97b733d5892b62c3ffae0887f426398ec
Author: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Date: Â Tue Sep 3 13:41:46 2013 +0100

Â Â libxl: Do not generate short block in libxl__datacopier_prefixdata

Â Â libxl__datacopier_prefixdata would prepend a deliberately short block
Â Â (not just a half-full one, but one with a short buffer) to the
Â Â dc->bufs queue. ÂHowever, this is wrong because datacopier_readable
Â Â will find it and try to continue to fill it up.

Â Â Instead, allocate a full-sized buffer.

Â Â Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>

diff --git a/tools/libxl/libxl_aoutils.c b/tools/libxl/libxl_aoutils.c
index 983a60a..b4eb6e5 100644
--- a/tools/libxl/libxl_aoutils.c
+++ b/tools/libxl/libxl_aoutils.c
@@ -89,7 +89,7 @@ void libxl__datacopier_prefixdata(libxl__egc *egc, libxl__datacopier_state *dc,

Â Â Âassert(len < dc->maxsz - dc->used);

- Â Âbuf = libxl__zalloc(NOGC, sizeof(*buf) - sizeof(buf->buf) + len);
+ Â Âbuf = libxl__zalloc(NOGC, sizeof(*buf));
Â Â Âbuf->used = len;
Â Â Âmemcpy(buf->buf, data, len);

Tried the patch. It worked. Thanks.
Â

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel