[Qemu-devel] test-qmp-commands reads freed memory

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] test-qmp-commands reads freed memory

From:	Peter Maydell
Subject:	[Qemu-devel] test-qmp-commands reads freed memory
Date:	Sat, 8 Mar 2014 14:40:27 +0000

The test-qmp-commands test binary seems to read from freed
memory. This triggers the MacOSX malloc implementation's
assertions. git bisect blames

commit c2216a8a7a587e594f50bebbdf81fcf168444b68
Author: Markus Armbruster <address@hidden>
Date:   Sat Mar 1 08:40:29 2014 +0100

    tests/qapi-schema: Cover simple argument types

    Signed-off-by: Markus Armbruster <address@hidden>
    Reviewed-by: Eric Blake <address@hidden>
    Signed-off-by: Luiz Capitulino <address@hidden>

Valgrind will spot it:

cam-vm-266:precise:qemu$ valgrind build/x86/tests/test-qmp-commands
==15391== Memcheck, a memory error detector
==15391== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==15391== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==15391== Command: build/x86/tests/test-qmp-commands
==15391==
/0.15/dispatch_cmd: OK
/0.15/dispatch_cmd_error: OK
/0.15/dispatch_cmd_io: ==15391== Invalid read of size 8
==15391==    at 0x1344F6: qobject_decref (qobject.h:97)
==15391==    by 0x134FFD: test_dispatch_cmd_io (test-qmp-commands.c:144)
==15391==    by 0x4E9A65A: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x4E9A7D5: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x4E9AB2A: g_test_run_suite (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x13540D: main (test-qmp-commands.c:229)
==15391==  Address 0x5ea26a8 is 8 bytes inside a block of size 4,120 free'd
==15391==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15391==    by 0x13B741: qdict_destroy_obj (qdict.c:477)
==15391==    by 0x134580: qobject_decref (qobject.h:100)
==15391==    by 0x134F41: test_dispatch_cmd_io (test-qmp-commands.c:136)
==15391==    by 0x4E9A65A: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x4E9A7D5: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x4E9AB2A: g_test_run_suite (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x13540D: main (test-qmp-commands.c:229)
==15391==
==15391== Invalid write of size 8
==15391==    at 0x134502: qobject_decref (qobject.h:97)
==15391==    by 0x134FFD: test_dispatch_cmd_io (test-qmp-commands.c:144)
==15391==    by 0x4E9A65A: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x4E9A7D5: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x4E9AB2A: g_test_run_suite (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x13540D: main (test-qmp-commands.c:229)
==15391==  Address 0x5ea26a8 is 8 bytes inside a block of size 4,120 free'd
==15391==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15391==    by 0x13B741: qdict_destroy_obj (qdict.c:477)
==15391==    by 0x134580: qobject_decref (qobject.h:100)
==15391==    by 0x134F41: test_dispatch_cmd_io (test-qmp-commands.c:136)
==15391==    by 0x4E9A65A: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x4E9A7D5: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x4E9AB2A: g_test_run_suite (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x13540D: main (test-qmp-commands.c:229)
==15391==
==15391== Invalid read of size 8
==15391==    at 0x13450A: qobject_decref (qobject.h:97)
==15391==    by 0x134FFD: test_dispatch_cmd_io (test-qmp-commands.c:144)
==15391==    by 0x4E9A65A: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x4E9A7D5: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x4E9AB2A: g_test_run_suite (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x13540D: main (test-qmp-commands.c:229)
==15391==  Address 0x5ea26a8 is 8 bytes inside a block of size 4,120 free'd
==15391==    at 0x4C2A82E: free (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15391==    by 0x13B741: qdict_destroy_obj (qdict.c:477)
==15391==    by 0x134580: qobject_decref (qobject.h:100)
==15391==    by 0x134F41: test_dispatch_cmd_io (test-qmp-commands.c:136)
==15391==    by 0x4E9A65A: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x4E9A7D5: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x4E9AB2A: g_test_run_suite (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4)
==15391==    by 0x13540D: main (test-qmp-commands.c:229)
==15391==
OK


thanks
-- PMM

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] test-qmp-commands reads freed memory, Peter Maydell <=
- Re: [Qemu-devel] test-qmp-commands reads freed memory, Luiz Capitulino, 2014/03/08
  - Re: [Qemu-devel] test-qmp-commands reads freed memory, Peter Maydell, 2014/03/08
    - [Qemu-devel] [PATCH] tests: test-qmp-commands: Fix double free, Luiz Capitulino, 2014/03/08
    - Re: [Qemu-devel] [PATCH] tests: test-qmp-commands: Fix double free, Eric Blake, 2014/03/10

Prev by Date: Re: [Qemu-devel] test-qapi-visit causes clang -fsanitize=undefined warning
Next by Date: [Qemu-devel] [PATCH] tap: avoid deadlocking rx
Previous by thread: [Qemu-devel] test-qapi-visit causes clang -fsanitize=undefined warning
Next by thread: Re: [Qemu-devel] test-qmp-commands reads freed memory
Index(es):
- Date
- Thread