[Qemu-devel] Double-free due to e5dc1a6c6c

[Qemu-devel] Double-free due to e5dc1a6c6c

[Stefan Berger]

I get double-free memory errors when QEMU terminates due to commit 
e5dc1a6c6c.

The way to reproduce the error is to 1st do a 'system_reset' in the 
monitor and then get into the grub console and do a 'halt' there.


      Stefan


commit e5dc1a6c6c4359cd783810f63eb68e9e09350708
Author: Marc-André Lureau <marcandre.lureau@redhat.com>
Date:   Thu Jan 4 17:05:15 2018 +0100

     readline: add a free function

     Fixes leaks such as:

     Direct leak of 2 byte(s) in 1 object(s) allocated from:
         #0 0x7eff58beb850 in malloc (/lib64/libasan.so.4+0xde850)
         #1 0x7eff57942f0c in g_malloc ../glib/gmem.c:94
         #2 0x7eff579431cf in g_malloc_n ../glib/gmem.c:331
         #3 0x7eff5795f6eb in g_strdup ../glib/gstrfuncs.c:363
         #4 0x55db720f1d46 in readline_hist_add 
/home/elmarco/src/qq/util/readline.c:258
         #5 0x55db720f2d34 in readline_handle_byte 
/home/elmarco/src/qq/util/readline.c:387
         #6 0x55db71539d00 in monitor_read 
/home/elmarco/src/qq/monitor.c:3896
         #7 0x55db71f9be35 in qemu_chr_be_write_impl 
/home/elmarco/src/qq/chardev/char.c:167
         #8 0x55db71f9bed3 in qemu_chr_be_write 
/home/elmarco/src/qq/chardev/char.c:179
         #9 0x55db71fa013c in fd_chr_read 
/home/elmarco/src/qq/chardev/char-fd.c:66
         #10 0x55db71fe18a8 in qio_channel_fd_source_dispatch 
/home/elmarco/src/qq/io/channel-watch.c:84
         #11 0x7eff5793a90b in g_main_dispatch ../glib/gmain.c:3182
         #12 0x7eff5793b7ac in g_main_context_dispatch ../glib/gmain.c:3847
         #13 0x55db720af3bd in glib_pollfds_poll 
/home/elmarco/src/qq/util/main-loop.c:214
         #14 0x55db720af505 in os_host_main_loop_wait 
/home/elmarco/src/qq/util/main-loop.c:261
         #15 0x55db720af6d6 in main_loop_wait 
/home/elmarco/src/qq/util/main-loop.c:515
         #16 0x55db7184e0de in main_loop /home/elmarco/src/qq/vl.c:1995
         #17 0x55db7185e956 in main /home/elmarco/src/qq/vl.c:4914
         #18 0x7eff4ea17039 in __libc_start_main (/lib64/libc.so.6+0x21039)

Re: [Qemu-devel] Double-free due to e5dc1a6c6c

[Emilio G. Cota]

On Fri, Jan 19, 2018 at 17:55:27 -0500, Stefan Berger wrote:
> I get double-free memory errors when QEMU terminates due to commit
> e5dc1a6c6c.
> 
> The way to reproduce the error is to 1st do a 'system_reset' in the monitor
> and then get into the grub console and do a 'halt' there.

Can you please check whether this is fixed by the patch below?
Was posted yesterday on the list, should be on master soon.

  https://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg04298.html

Thanks,

		Emilio

Re: [Qemu-devel] Double-free due to e5dc1a6c6c

[Stefan Berger]

On 01/19/2018 09:05 PM, Emilio G. Cota wrote:
> On Fri, Jan 19, 2018 at 17:55:27 -0500, Stefan Berger wrote:
>> I get double-free memory errors when QEMU terminates due to commit
>> e5dc1a6c6c.
>>
>> The way to reproduce the error is to 1st do a 'system_reset' in the monitor
>> and then get into the grub console and do a 'halt' there.
> Can you please check whether this is fixed by the patch below?
> Was posted yesterday on the list, should be on master soon.
>
>    https://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg04298.html

Yes, fixes it for me.

    Stefan

>
> Thanks,
>
> 		Emilio
>