On Mon, Sep 29, 2025 at 07:55:55PM +0300, gerben@altlinux.org wrote:
From: Denis Rastyogin <gerben@altlinux.org>
virGetLastError() may return NULL in case of OOM. Without a check this could lead to a NULL pointer dereference when accessing its fields. The result of virGetLastError() is usually checked in other places, so add the missing check here as well.
AFAICT, it can't return NULL on OOM, because virGetLastError calls into virLastErrorObject() which calls g_new0() which aborts on OOM. The only way we can get NULL from virGetLastError is if there was no error reported, because in this codepath we've already seen that virDomainCreate returned < 0, and so we know an error is reported. IOW, I don't see any bug here to fix.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Reported-by: Pavel Nekrasov <p.nekrasov@fobos-nt.ru> Signed-off-by: Denis Rastyogin <gerben@altlinux.org> --- tools/virt-login-shell-helper.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/tools/virt-login-shell-helper.c b/tools/virt-login-shell-helper.c index cb59b5dec0..9282ca481e 100644 --- a/tools/virt-login-shell-helper.c +++ b/tools/virt-login-shell-helper.c @@ -282,6 +282,10 @@ main(int argc, char **argv) if (!virDomainIsActive(dom) && virDomainCreate(dom) < 0) { virErrorPtr last_error; last_error = virGetLastError(); + + if (!last_error) + goto cleanup; + if (last_error->code != VIR_ERR_OPERATION_INVALID) { virReportSystemError(last_error->code, _("Can't create %1$s container: %2$s"), -- 2.42.2
With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|