[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] New Qemu Crash found with evidence of memory corruption
From: |
Andreas Schwab |
Subject: |
Re: [Qemu-devel] New Qemu Crash found with evidence of memory corruption |
Date: |
Sun, 16 Dec 2007 18:24:54 +0100 |
User-agent: |
Gnus/5.110006 (No Gnus v0.6) Emacs/22.1 (gnu/linux) |
"Alexey Eremenko" <address@hidden> writes:
> ======================================================
> The error seems to be in Qemu's readline.c:
>
> if (idx == TERM_MAX_CMDS) {
> /* Need to get one free slot */
> free(term_history[0]); <-- Here is the error.
> memcpy(term_history, &term_history[1],
> &term_history[TERM_MAX_CMDS] - &term_history[1]);
> term_history[TERM_MAX_CMDS - 1] = NULL;
> idx = TERM_MAX_CMDS - 1;
> }
>
Please try this:
--- readline.c 09 Dez 2007 19:27:48 +0100 1.7
+++ readline.c 16 Dez 2007 18:22:43 +0100
@@ -267,7 +267,7 @@ static void term_hist_add(const char *cm
new_entry = hist_entry;
/* Put this entry at the end of history */
memmove(&term_history[idx], &term_history[idx + 1],
- &term_history[TERM_MAX_CMDS] - &term_history[idx + 1]);
+ (TERM_MAX_CMDS - idx + 1) * sizeof(char *));
term_history[TERM_MAX_CMDS - 1] = NULL;
for (; idx < TERM_MAX_CMDS; idx++) {
if (term_history[idx] == NULL)
@@ -280,7 +280,7 @@ static void term_hist_add(const char *cm
/* Need to get one free slot */
free(term_history[0]);
memcpy(term_history, &term_history[1],
- &term_history[TERM_MAX_CMDS] - &term_history[1]);
+ (TERM_MAX_CMDS - 1) * sizeof(char *));
term_history[TERM_MAX_CMDS - 1] = NULL;
idx = TERM_MAX_CMDS - 1;
}
Andreas.
--
Andreas Schwab, SuSE Labs, address@hidden
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."