On 2/15/21 2:59 PM, Michal Privoznik wrote:
In one of my previous commits I've made an attempt to restore
the
noqueue qdisc on a TAP corresponding to domain's <interface/> if
QoS is cleared out. The commit consisted of two almost identical
hunks. In both the pointer is dereferenced. But in one of them,
the pointer to new bandwidth can't be NULL while in the other it
can leading to a crash.
Fixes: d53b09235398c1320ed2f1b45b640823171467ed
Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1919619
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
Reviewed-by: Daniel Henrique Barboza <danielhb413(a)gmail.com>
src/qemu/qemu_hotplug.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index e7863328db..a66354426d 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -3900,10 +3900,10 @@ qemuDomainChangeNet(virQEMUDriverPtr driver,
/* If the old bandwidth was cleared out, restore qdisc. */
if (virDomainNetTypeSharesHostView(newdev)) {
- if (!newb->out || newb->out->average == 0)
+ if (!newb || !newb->out || newb->out->average == 0)
qemuDomainInterfaceSetDefaultQDisc(driver, newdev);
} else {
- if (!newb->in || newb->in->average == 0)
+ if (!newb || !newb->in || newb->in->average == 0)
qemuDomainInterfaceSetDefaultQDisc(driver, newdev);
}
needReplaceDevDef = true;