
On 3/16/19 11:13 PM, Eric Blake wrote:
The following virsh command was triggering a use-after-free:
$ virsh -c test:///default '
  snapshot-create-as test s1
  snapshot-create-as test s2
  snapshot-delete --children-only test s1
  snapshot-current --name test'
Domain snapshot s1 created
Domain snapshot s2 created
Domain snapshot s1 children deleted
error: name in virGetDomainSnapshot must not be NULL
@@ -6508,8 +6508,6 @@ testDomainSnapshotDelete(virDomainSnapshotPtr snapshot, testDomainSnapshotDiscardAll, &rem); if (rem.current) { - if (flags & VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN_ONLY) - snap->def->current = true; vm->current_snapshot = snap; }
I need to let 'make syntax-check' finish running first. Here, I also need to drop the now-spurious {}.
} else if (snap->nchildren) { @@ -6542,8 +6540,6 @@ testDomainSnapshotDelete(virDomainSnapshotPtr snapshot, if (!parentsnap) { VIR_WARN("missing parent snapshot matching name '%s'", snap->def->parent); - } else { - parentsnap->def->current = true; } }
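Review bot: in the first hunk (@@ -6508), the if (rem.current) block still assigns vm->current_snapshot = snap but no longer sets snap->def->current for the VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN_ONLY case, and nothing in the visible lines says where that flag is maintained now. Please state in the commit message how def->current and vm->current_snapshot are kept in agreement after this change, and consider adding the virsh sequence from the commit message as a regression test so the use-after-free stays covered.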
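Review bot: in the second hunk (@@ -6542), the quoted commit message only describes the --children-only reproducer, while this removal changes the parent lookup path: once the else branch is gone, a found parentsnap is no longer marked via parentsnap->def->current and only the VIR_WARN case is left under if (!parentsnap). Please say in the commit message why the parent no longer needs the flag set here, or add a one-line comment at this spot pointing to where the parent becomes current.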
and again

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org