On 2/25/26 13:50, Stefan Kober wrote:
We have a g_autoptr ret in the virIdentityGetSystem function. In the happy path it is properly returned by doing: return g_steal_pointer(&ret);
There are 2 early return paths, were we do the following: "return ret;"
This leads to the g_autoptr being cleaned up after we leave the function, as we do not properly "steal" it.
When later using the return value we have a use-after-free, which has led to segfaults in some cases.
As this is a regression introduced in 1280a631ef488aeaab905eb30a55899ef8ba97be, we change the behavior to properly return NULL in those cases.
In fact, it was introduced in c6825d88137cb8e4debdf4310e45ee23cb5698c0.
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> --- src/util/viridentity.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> and merged. Michal