On 3/16/19 11:13 PM, Eric Blake wrote:
The following virsh command was triggering a use-after-free:
$ virsh -c test:///default '
snapshot-create-as test s1
snapshot-create-as test s2
snapshot-delete --children-only test s1
snapshot-current --name test'
Domain snapshot s1 created
Domain snapshot s2 created
Domain snapshot s1 children deleted
error: name in virGetDomainSnapshot must not be NULL
@@ -6508,8 +6508,6 @@ testDomainSnapshotDelete(virDomainSnapshotPtr
snapshot,
testDomainSnapshotDiscardAll,
&rem);
if (rem.current) {
- if (flags & VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN_ONLY)
- snap->def->current = true;
vm->current_snapshot = snap;
}
I need to let 'make syntax-check' finish running first. Here, I also
need to drop the now-spurious {}.
} else if (snap->nchildren) {
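Review bot: the `if (rem.current)` path changed in this hunk is the one the quoted reproducer reaches (snapshot-delete --children-only followed by snapshot-current --name against test:///default), yet the patch as quoted adds no test for it. Capturing that virsh sequence as a regression test would keep the children-only case covered. The braces now wrap only `vm->current_snapshot = snap;` and can be dropped, as the reply already notes.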
@@ -6542,8 +6540,6 @@ testDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
if (!parentsnap) {
VIR_WARN("missing parent snapshot matching name
'%s'",
snap->def->parent);
- } else {
- parentsnap->def->current = true;
}
}
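Review bot: with the `else` branch removed, the `if (!parentsnap)` block in this hunk only warns, and nothing visible here marks the parent snapshot as current any more. The quoted commit text shows the failing command but does not say where the current flag is maintained after this change, so a sentence on that in the commit message would let a reader judge whether dropping `parentsnap->def->current = true;` is sufficient.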
and again
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org