From: Daniel P. Berrangé <berrange@redhat.com> The virDomainDeviceInfoClear method does not free the struct, only its contents, so all pointer fields must be explicitly set to NULL after releasing to avoid disk of double-free. Reported by coverity: *** CID 895678: Memory - corruptions (USE_AFTER_FREE) /src/conf/domain_conf.c: 5926 in virDomainDeviceInfoParseXML() 5920 goto cleanup; 5921 5922 5923 ret = 0; 5924 cleanup: 5925 if (ret < 0)
CID 895678: Memory - corruptions (USE_AFTER_FREE) Calling "virDomainDeviceInfoClear" frees pointer "info->acpiNodeset" which has already been freed.
5926 virDomainDeviceInfoClear(info); 5927 return ret; 5928 } 5929 5930 static int 5931 virDomainHostdevSubsysUSBDefParseXML(xmlNodePtr node,
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/conf/device_conf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/conf/device_conf.c b/src/conf/device_conf.c index d08de68717..3fa7bba649 100644 --- a/src/conf/device_conf.c +++ b/src/conf/device_conf.c @@ -138,6 +138,7 @@ virDomainDeviceInfoClear(virDomainDeviceInfo *info) VIR_FREE(info->romfile); VIR_FREE(info->loadparm); virBitmapFree(info->acpiNodeset); + info->acpiNodeset = NUll; info->isolationGroup = 0; info->isolationGroupLocked = false; } -- 2.50.1