
Re: [Qemu-devel] New Qemu Crash found with evidence of memory corruption


From: andrzej zaborowski
Subject: Re: [Qemu-devel] New Qemu Crash found with evidence of memory corruption
Date: Tue, 18 Dec 2007 02:08:50 +0100

On 16/12/2007, Andreas Schwab <address@hidden> wrote:
> "Alexey Eremenko" <address@hidden> writes:
>
> > ======================================================
> > The error seems to be in Qemu's readline.c:
> >
> > if (idx == TERM_MAX_CMDS) {
> >     /* Need to get one free slot */
> >     free(term_history[0]); <-- Here is the error.
> >     memcpy(term_history, &term_history[1],
> >            &term_history[TERM_MAX_CMDS] - &term_history[1]);
> >     term_history[TERM_MAX_CMDS - 1] = NULL;
> >     idx = TERM_MAX_CMDS - 1;
> > }
> >
>
> Please try this:
>
> --- readline.c  09 Dez 2007 19:27:48 +0100      1.7
> +++ readline.c  16 Dez 2007 18:22:43 +0100
> @@ -267,7 +267,7 @@ static void term_hist_add(const char *cm
>             new_entry = hist_entry;
>             /* Put this entry at the end of history */
>             memmove(&term_history[idx], &term_history[idx + 1],
> -                   &term_history[TERM_MAX_CMDS] - &term_history[idx + 1]);
> +                   (TERM_MAX_CMDS - idx + 1) * sizeof(char *));
>             term_history[TERM_MAX_CMDS - 1] = NULL;
>             for (; idx < TERM_MAX_CMDS; idx++) {
>                 if (term_history[idx] == NULL)
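Review bot: the new byte count in this memmove has a precedence slip: `(TERM_MAX_CMDS - idx + 1) * sizeof(char *)` covers TERM_MAX_CMDS - idx + 1 slots, but only TERM_MAX_CMDS - (idx + 1) slots exist from index idx + 1 to the end of term_history, so the call reads two pointers past the end of the array and writes one past it. The old pointer difference computed the right element count and was only missing the scaling to bytes, so the replacement should be `(TERM_MAX_CMDS - (idx + 1)) * sizeof(char *)`.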
> @@ -280,7 +280,7 @@ static void term_hist_add(const char *cm
>         /* Need to get one free slot */
>         free(term_history[0]);
>         memcpy(term_history, &term_history[1],
> -              &term_history[TERM_MAX_CMDS] - &term_history[1]);
> +              (TERM_MAX_CMDS - 1) * sizeof(char *));
>         term_history[TERM_MAX_CMDS - 1] = NULL;
>         idx = TERM_MAX_CMDS - 1;
>      }
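Review bot: the byte count is right now, but the copy itself is still a memcpy between overlapping regions (term_history and &term_history[1] overlap by TERM_MAX_CMDS - 2 slots), which is undefined behaviour for memcpy. It should be a memmove, as the first hunk already uses for the same kind of shift.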

This is correct. I remember submitting the exact same fix about a year
and a half ago in the patch to save/restore monitor history between
sessions. By the way, would there be interest in having such a feature in
mainline CVS?

Regards
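To make the unit mismatch concrete, here is an added stand-alone example (not QEMU's readline.c): it computes the count the original code passed to memcpy (a pointer difference, so a number of elements) next to the byte count the call actually expects, and shifts a small history array with memmove, since source and destination overlap. HIST_MAX and the hist_* names are constructed stand-ins for TERM_MAX_CMDS and term_hist_add.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HIST_MAX 8   /* constructed stand-in for TERM_MAX_CMDS */

/* The count the original code passed: a pointer difference is a number
 * of elements, so memcpy moved ~1/8 of the intended bytes on a 64-bit
 * build, leaving a garbled pointer in slot 0 and a stale one elsewhere. */
size_t shift_bytes_buggy(char **hist, int from) {
    return (size_t)(&hist[HIST_MAX] - &hist[from]);
}

/* The count memmove needs: slots from `from` to the end, scaled to bytes. */
size_t shift_bytes_fixed(int from) {
    return (size_t)(HIST_MAX - from) * sizeof(char *);
}

/* Drop entry `idx` and close the gap, as term_hist_add does for slot 0.
 * memmove, not memcpy: the source and destination ranges overlap. */
void hist_remove(char **hist, int idx) {
    free(hist[idx]);
    memmove(&hist[idx], &hist[idx + 1], shift_bytes_fixed(idx + 1));
    hist[HIST_MAX - 1] = NULL;   /* the vacated last slot */
}

/* Fill the array with constructed entries "c0".."c(n-1)"; returns how many. */
int hist_fill(char **hist, int n) {
    char buf[16];
    for (int i = 0; i < HIST_MAX; i++) hist[i] = NULL;
    if (n > HIST_MAX) n = HIST_MAX;
    for (int i = 0; i < n; i++) {
        snprintf(buf, sizeof buf, "c%d", i);
        hist[i] = malloc(strlen(buf) + 1);
        strcpy(hist[i], buf);
    }
    return n;
}

void hist_free(char **hist) {
    for (int i = 0; i < HIST_MAX; i++) { free(hist[i]); hist[i] = NULL; }
}
```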
