Re: [lxc-devel] [PATCH] fix free() of args to startl

Tue, 29 Oct 2013 11:56:18 -0700 

On Tue, Oct 29, 2013 at 02:38:00PM -0400, Dwight Engen wrote:
> Coverity 1076328 marked this as "Use after free", which it isn't really,
> its actually just free()ing the wrong 2nd, 3rd, etc... pointers. Test by
> passing two or more args to startl, without this change you get segfault
> when free()ing the second pointer/arg.
> 
> Signed-off-by: Dwight Engen <dwight.en...@oracle.com>

Confirmed the crash here with two lines of python :)

Acked-by: Stéphane Graber <stgra...@ubuntu.com>

> ---
>  src/lxc/lxccontainer.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> index f2f7240..9d537a6 100644
> --- a/src/lxc/lxccontainer.c
> +++ b/src/lxc/lxccontainer.c
> @@ -641,9 +641,9 @@ static bool lxcapi_startl(struct lxc_container *c, int 
> useinit, ...)
>  
>  out:
>       if (inargs) {
> -             char *arg;
> -             for (arg = *inargs; arg; arg++)
> -                     free(arg);
> +             char **arg;
> +             for (arg = inargs; *arg; arg++)
> +                     free(*arg);
>               free(inargs);
>       }
>  
> -- 
> 1.8.3.1
> 
> 
> ------------------------------------------------------------------------------
> Android is increasing in popularity, but the open development platform that
> developers love is also attractive to malware creators. Download this white
> paper to learn more about secure code signing practices that can help keep
> Android apps secure.
> http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com

Attachment: signature.asc
Description: Digital signature

------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

Reply via email to