{
  "commit": "a760715095e9cda6eb97486c040aa35f82297945",
  "tree": "3394a38a63f59603179a44ced7dee6477ab5b912",
  "parents": [
    "20cca275c6190ca0027cf7dd369ba985e44a6537"
  ],
  "author": {
    "name": "Michal Privoznik",
    "email": "mprivozn@redhat.com",
    "time": "Wed Jun 25 10:38:41 2014 +0200"
  },
  "committer": {
    "name": "Kevin Wolf",
    "email": "kwolf@redhat.com",
    "time": "Thu Jun 26 15:53:52 2014 +0200"
  },
  "message": "qemu_opts_append: Play nicely with QemuOptsList\u0027s head\n\nWhen running a libvirt test suite I\u0027ve noticed the qemu-img is\ncrashing occasionally. Tracing the problem down led me to the\nfollowing valgrind output:\n\nqemu.git $ valgrind -q ./qemu-img create -f qed -obacking_file\u003d/dev/null,backing_fmt\u003draw qed\n\u003d\u003d14881\u003d\u003d Invalid write of size 8\n\u003d\u003d14881\u003d\u003d    at 0x1D263F: qemu_opts_create (qemu-option.c:692)\n\u003d\u003d14881\u003d\u003d    by 0x130782: bdrv_img_create (block.c:5531)\n\u003d\u003d14881\u003d\u003d    by 0x118DE0: img_create (qemu-img.c:462)\n\u003d\u003d14881\u003d\u003d    by 0x11E7E4: main (qemu-img.c:2830)\n\u003d\u003d14881\u003d\u003d  Address 0x11fedd38 is 24 bytes inside a block of size 232 free\u0027d\n\u003d\u003d14881\u003d\u003d    at 0x4C2CA5E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)\n\u003d\u003d14881\u003d\u003d    by 0x592D35E: g_realloc (in /usr/lib64/libglib-2.0.so.0.3800.2)\n\u003d\u003d14881\u003d\u003d    by 0x1D38D8: qemu_opts_append (qemu-option.c:1129)\n\u003d\u003d14881\u003d\u003d    by 0x13075E: bdrv_img_create (block.c:5528)\n\u003d\u003d14881\u003d\u003d    by 0x118DE0: img_create (qemu-img.c:462)\n\u003d\u003d14881\u003d\u003d    by 0x11E7E4: main (qemu-img.c:2830)\n\u003d\u003d14881\u003d\u003d\nFormatting \u0027qed\u0027, fmt\u003dqed size\u003d0 backing_file\u003d\u0027/dev/null\u0027 backing_fmt\u003d\u0027raw\u0027 cluster_size\u003d65536\n\u003d\u003d14881\u003d\u003d Invalid write of size 8\n\u003d\u003d14881\u003d\u003d    at 0x1D28BE: qemu_opts_del (qemu-option.c:750)\n\u003d\u003d14881\u003d\u003d    by 0x130BF3: bdrv_img_create (block.c:5638)\n\u003d\u003d14881\u003d\u003d    by 0x118DE0: img_create (qemu-img.c:462)\n\u003d\u003d14881\u003d\u003d    by 0x11E7E4: main (qemu-img.c:2830)\n\u003d\u003d14881\u003d\u003d  Address 0x11fedd38 is 24 bytes inside a block of size 232 free\u0027d\n\u003d\u003d14881\u003d\u003d    at 0x4C2CA5E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)\n\u003d\u003d14881\u003d\u003d    by 0x592D35E: g_realloc (in /usr/lib64/libglib-2.0.so.0.3800.2)\n\u003d\u003d14881\u003d\u003d    by 0x1D38D8: qemu_opts_append (qemu-option.c:1129)\n\u003d\u003d14881\u003d\u003d    by 0x13075E: bdrv_img_create (block.c:5528)\n\u003d\u003d14881\u003d\u003d    by 0x118DE0: img_create (qemu-img.c:462)\n\u003d\u003d14881\u003d\u003d    by 0x11E7E4: main (qemu-img.c:2830)\n\u003d\u003d14881\u003d\u003d\n\nThe problem is apparently in the qemu_opts_append(). Well, if it\ngets called twice or more. On the first call, when @dst is NULL\nsome initialization is done during which @dst-\u003ehead list gets\ninitialized. The list is initialized in a way, so that the list\ntail points at the list head. However, the next time\nqemu_opts_append() is called for new options to be added,\ng_realloc() may move @dst to a new address making the old list tail\npoint at an invalid address. If that\u0027s the case, we must update the\nlist pointers.\n\nSigned-off-by: Michal Privoznik \u003cmprivozn@redhat.com\u003e\nReviewed-by: Eric Blake \u003ceblake@redhat.com\u003e\nSigned-off-by: Kevin Wolf \u003ckwolf@redhat.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "43de3add291dc15aef712c245f94e04f9f9bfe18",
      "old_mode": 33188,
      "old_path": "util/qemu-option.c",
      "new_id": "6dc27ce04f5ced3715e07eb3f6c8744db9a7c8d5",
      "new_mode": 33188,
      "new_path": "util/qemu-option.c"
    }
  ]
}
