From: "Daniel P. Berrange" <berrange@redhat.com>
To: xen-devel@lists.xensource.com
Subject: [PATCH] Fix memory corruption in pygrub/fsimage python binding
Date: Tue, 30 Jan 2007 17:38:10 +0000 [thread overview]
Message-ID: <20070130173810.GG18642@redhat.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1456 bytes --]
In updating Fedora 7 to use Xen 3.0.4 we encountered a problem with the
use of pygrub - it would trigger a memory corruption report by glibc's
free() routine having been given an invalid pointer. The pygrub process
is thus terminated with extreme prejudice by glibc with SIGABRT
After a little painful memory debugging in python I discovered that the
fsimage python binding is mistakenly using PyMem_DEL instead of PyObject_DEL
to deallocate its objects.
PyMem_DEL simply ends up in a #define to free(). The memory associated with
Python objects is not neccessarily allocated by malloc(), so calling free()
is bogus. Python keeps an internal memory pool from which it allocates
objects, so upon deallocation memory needs to be returned to this pool
rather than free'd.
As for why no one has hit this before I can only assume this is showing up
now because of ever stricted glibc memory checking, internal changes in
python 2.5 memory handling, or a combo of both + a little good/bad luck
The attached patch corrects the fsimage binding to call PyObject_DEL.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Regards,
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
[-- Attachment #2: pygrub-memcorruption.patch --]
[-- Type: text/plain, Size: 669 bytes --]
diff -r 82c306ad212e tools/pygrub/src/fsimage/fsimage.c
--- a/tools/pygrub/src/fsimage/fsimage.c Thu Jan 25 10:34:17 2007 +0000
+++ b/tools/pygrub/src/fsimage/fsimage.c Tue Jan 30 12:18:30 2007 -0500
@@ -125,7 +125,7 @@ fsimage_file_dealloc(fsimage_file_t *fil
if (file->file != NULL)
fsi_close_file(file->file);
Py_XDECREF(file->fs);
- PyMem_DEL(file);
+ PyObject_DEL(file);
}
static char fsimage_file_type__doc__[] = "Filesystem image file";
@@ -226,7 +226,7 @@ fsimage_fs_dealloc (fsimage_fs_t *fs)
{
if (fs->fs != NULL)
fsi_close_fsimage(fs->fs);
- PyMem_DEL(fs);
+ PyObject_DEL(fs);
}
PyDoc_STRVAR(fsimage_fs_type__doc__, "Filesystem image");
[-- Attachment #3: Type: text/plain, Size: 138 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
next reply other threads:[~2007-01-30 17:38 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-30 17:38 Daniel P. Berrange [this message]
2007-01-30 18:24 ` [PATCH] Fix memory corruption in pygrub/fsimage python binding Daniel P. Berrange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070130173810.GG18642@redhat.com \
--to=berrange@redhat.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.