
qemuDomainDiskByName() can return a NULL pointer on failure, but this returned value in qemuSnapshotDeleteValidate is not checked. It will make libvirtd crash.
diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
index 5b3aadcbf0..52312b4a7b 100644
--- a/src/qemu/qemu_snapshot.c
+++ b/src/qemu/qemu_snapshot.c
@@ -4235,8 +4235,11 @@ qemuSnapshotDeleteValidate(virDomainObj *vm,
 virDomainDiskDef *vmdisk = NULL;
 virDomainDiskDef *disk = NULL;
- vmdisk = qemuDomainDiskByName(vm->def, snapDisk->name);
- disk = qemuDomainDiskByName(snapdef->parent.dom, snapDisk->name);
+ if (!(vmdisk = qemuDomainDiskByName(vm->def, snapDisk->name)))
+ return -1;
+
+ if (!(disk = qemuDomainDiskByName(snapdef->parent.dom, snapDisk->name)))
+ return -1;
 if (!virStorageSourceIsSameLocation(vmdisk->src, disk->src)) {
 virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
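Review bot: Both new early exits are a bare `return -1;`, so the caller only gets a usable message if qemuDomainDiskByName() reports the error itself, which this hunk does not show; that dependency is worth stating above the first check, e.g. `/* qemuDomainDiskByName() reports the error */`. The two lookups search different definitions (`vm->def` and `snapdef->parent.dom`), and a shared helper message presumably cannot say which one lacked the disk, so a dedicated `virReportError()` in each branch would make a refused delete easier to diagnose. Because the unchecked NULL crashed the daemon according to the description, a regression test covering a snapshot disk that is absent from the current domain definition would help keep this path guarded. The body of qemuSnapshotDeleteValidate starts and ends outside the hunk.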