[libvirt] [PATCH 1/2] bhyve: fix crash in bhyveBuildNetArgStr
bhyveBuildNetArgStr() calls virNetDevTapCreateInBridgePort() and
passes tapfd = NULL, but tapfdSize = 1. That is wrong, because
if virNetDevTapCreateInBridgePort() crashes after successfully
creating a TAP device, it'll jump to 'error' label, that
loops over tapfd and calls VIR_FORCE_CLOSE:
for (i = 0; i < tapfdSize && tapfd[i] >= 0; i++)
In that case we get a segfault.
As the bhyve code doesn't use tapfd, pass NULL and set tapfdSize to 0.
---
src/bhyve/bhyve_command.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/bhyve/bhyve_command.c b/src/bhyve/bhyve_command.c
index d3b3f69..f1862fe 100644
--- a/src/bhyve/bhyve_command.c
+++ b/src/bhyve/bhyve_command.c
@@ -46,7 +46,6 @@ bhyveBuildNetArgStr(const virDomainDef *def,
{
char macaddr[VIR_MAC_STRING_BUFLEN];
char *realifname = NULL;
- int *tapfd = NULL;
char *brname = NULL;
int actualType = virDomainNetGetActualType(net);
@@ -72,7 +71,7 @@ bhyveBuildNetArgStr(const virDomainDef *def,
if (!dryRun) {
if (virNetDevTapCreateInBridgePort(brname, &net->ifname,
&net->mac,
- def->uuid, tapfd, 1,
+ def->uuid, NULL, 0,
virDomainNetGetActualVirtPortProfile(net),
virDomainNetGetActualVlan(net),
VIR_NETDEV_TAP_CREATE_IFUP |
VIR_NETDEV_TAP_CREATE_PERSIST) < 0) {
--
1.9.0