Xen project Mailing List

[Xen-devel] double free in xlu configuration parser

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>

From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>

Date: Thu, 10 Nov 2011 12:40:02 +0000

Delivery-date: Thu, 10 Nov 2011 04:41:10 -0800

List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Ian, I'm seeing this and struggling to figure out what is going on, any ideas? # touch empty # xl -N cr empty bootloader_args='1,2,3' Parsing config file empty empty:2: config parsing error near `,': syntax error, unexpected ',', expecting NEWLINE or ';' *** glibc detected *** xl: double free or corruption (fasttop): 0x080625f0 *** gdb reports the backtrace as: #0 0xff7fe424 in __kernel_vsyscall () #1 0xb7e5c751 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #2 0xb7e5fb82 in *__GI_abort () at abort.c:92 #3 0xb7e9318d in __libc_message (do_abort=2, fmt=0xb7f57738 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189 #4 0xb7e9d281 in malloc_printerr (action=<value optimized out>, str=0x6 <Address 0x6 out of bounds>, ptr=0x80625f0) at malloc.c:6267 #5 0xb7e9ead8 in _int_free (av=<value optimized out>, p=<value optimized out>) at malloc.c:4795 #6 0xb7ea1bbd in *__GI___libc_free (mem=0x80625f0) at malloc.c:3739 #7 0xb7fce47d in yydestruct (yymsg=<value optimized out>, yytype=<value optimized out>, yyvaluep=0xbfffed84, yylocationp=0xbfffe11c, ctx=0xbffff31c) at libxlu_cfg_y.y:40 #8 0xb7fced40 in xlu__cfg_yyparse (ctx=0xbffff31c) at libxlu_cfg_y.c:1615 #9 0xb7fd127d in parse (ctx=0xbffff31c) at libxlu_cfg.c:68 #10 0xb7fd1391 in xlu_cfg_readdata (cfg=0x80626e8, data=0x80626c8 "\nbootloader_args=1,2,3\n\n", length=24) at libxlu_cfg.c:123 #11 0x0804d529 in parse_config_data (configfile_filename_report=<value optimized out>, configfile_data=0x80626c8 "\nbootloader_args=1,2,3\n\n", configfile_len=24, d_config=0xbffff5e0, dm_info=0xbffff670) at xl_cmdimpl.c:590 #12 0x08051268 in create_domain (dom_info=<value optimized out>) at xl_cmdimpl.c:1545 #13 0x08059abb in main_create (argc=3, argv=0xbffffd1c) at xl_cmdimpl.c:3284 #14 0x0804c3eb in main (argc=5, argv=0xbffffd14) at xl.c:151 The inexplicable thing is that this appears to be somehow specific to bootloader_args, which I cannot understand because the cfg parser doesn't know that sort of thing. However: # xl -N cr empty foo='1,2,3' Parsing config file empty empty:2: config parsing error near `,': syntax error, unexpected ',', expecting NEWLINE or ';' Failed to parse config file: Invalid argument <exits cleanly> # xl -N cr empty kernel='1,2,3' Parsing config file empty empty:2: config parsing error near `,': syntax error, unexpected ',', expecting NEWLINE or ';' Failed to parse config file: Invalid argument <exits cleanly> The behaviour is the same if I put the option in a file: # echo bootloader_args=1,2,3 > full # xl -N cr full Parsing config file full full:1: config parsing error near `,': syntax error, unexpected ',', expecting NEWLINE or ';' *** glibc detected *** xl: double free or corruption (fasttop): 0x08062620 *** Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.