Re: [libvirt] [PATCH 01/16] test: Avoid use-after-free on virDomainSnapshotDelete

On Wed, Mar 20, 2019 at 12:40:50AM -0500, Eric Blake wrote: > The following virsh command was triggering a use-after-free: > > $ virsh -c test:///default ' >  snapshot-create-as test s1 >  snapshot-create-as test s2 >  snapshot-delete --children-only test s1 >  snapshot-current --name test' > Domain snapshot s1 created > Domain snapshot s2 created > Domain snapshot s1 children deleted >

> > Ideally, I'd get rid of the 'current' member in virDomainSnapshotDef, > as well as the 'current_snapshot' member in virDomainDef, and instead > track the current member in virDomainSnapshotObjList, coupled with > writing ALL snapshot state for qemu in a single file (where I can use > <snapshots current='...'> as a wrapper, rather than > VIR_DOMAIN_SNAPSHOT_FORMAT_INTERNAL to output <current>1</current> XML > on a per-snapshot file basis).  But that's a bigger change, so for now > I'm just patching things to avoid the test driver segfault.