If something fails while initializing qemu job object in qemuDomainObjPrivateAlloc(), memory to the private pointer is freed, but after that, the pointer is still dereferenced, which may result in a segfault. * qemuDomainObjPrivateAlloc() - Don't dereference NULL pointer. --- I added the label and jump with future expansions in mind, as I've found this bug while modifying said function. src/qemu/qemu_domain.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 3e755d7..d33d1d9 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -214,11 +214,15 @@ static void *qemuDomainObjPrivateAlloc(void) return NULL; if (qemuDomainObjInitJob(priv) < 0) - VIR_FREE(priv); + goto error; priv->migMaxBandwidth = QEMU_DOMAIN_DEFAULT_MIG_BANDWIDTH_MAX; return priv; + +error: + VIR_FREE(priv); + return NULL; } static void qemuDomainObjPrivateFree(void *data) -- 1.7.3.4