Re: [libvirt] [PATCH v3 1/4] qemu: Fix segfault when parsing private domain data

On 08/13/2015 04:18 AM, Martin Kletzander wrote: > When parsing private domain data, there are two paths that are flawed. > They are both error paths, just from different parts of the function. > One of them can call free() on an uninitialized pointer. Initialization > to NULL is enough here. The other one is a bit trickier to explain, but > as easy as the first one to fix. We create capabilities, parse them and > then assign them into the private data pointer inside the domain object. > If, however, we get to fail from now on, the error path calls unrefs the > capabilities and then, when the domain object is being cleaned, > qemuDomainObjPrivateFree() tries to unref them as well. That causes a > segfault. Settin the pointer to NULL upon successful addition to the s/Settin/Setting > private data is enough. > > Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com&gt; > --- > src/qemu/qemu_domain.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > Could have been 2 patches though to fix 2 different bugs... Good catch on the second one - that was well hidden... John (and I see Jan's ACK'd the whole series - so whether this gets to you in time or not relies on the speed of email)

> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c > index abf52c9c38fa..8fe7c75d19c9 100644 > --- a/src/qemu/qemu_domain.c > +++ b/src/qemu/qemu_domain.c > @@ -627,7 +627,7 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt, > { > qemuDomainObjPrivatePtr priv = vm->privateData; > char *monitorpath; > - char *tmp; > + char *tmp = NULL; > int n; > size_t i; > xmlNodePtr *nodes = NULL; > @@ -715,6 +715,7 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt, > } > > priv->qemuCaps = qemuCaps; > + qemuCaps = NULL; > } > VIR_FREE(nodes); >