
On Tue, Aug 07, 2012 at 03:18:38PM +0800, Alex Jia wrote:
* src/qemu/qemu_domain.c (qemuDomainObjExitAgentInternal): fix crashing libvirtd due to dereferencing a NULL pointer.
For details, please see bug: RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=845966
Signed-off-by: Alex Jia <ajia@redhat.com>
---
 src/qemu/qemu_domain.c | 10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 86f0265..8667b6c 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1136,12 +1136,14 @@ qemuDomainObjExitAgentInternal(struct qemud_driver *driver, virDomainObjPtr obj) { qemuDomainObjPrivatePtr priv = obj->privateData; - int refs; + int refs = -1;
- refs = qemuAgentUnref(priv->agent); + if (priv->agent) { + refs = qemuAgentUnref(priv->agent);
- if (refs > 0) - qemuAgentUnlock(priv->agent); + if (refs > 0) + qemuAgentUnlock(priv->agent); + }
if (driver_locked) qemuDriverLock(driver);
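Review bot: The NULL guard around qemuAgentUnref/qemuAgentUnlock in this hunk hides the broken invariant instead of fixing it. Exit is the counterpart of an Enter that already took a reference and the lock on the agent object, so if priv->agent is NULL by the time Exit runs, skipping the unref and unlock means that reference and that lock are never released: the crash becomes a leaked agent object and a silently skipped unlock, and the new `refs = -1` is not surfaced to anyone. If the NULL case really can happen, release on the pointer the matching Enter obtained rather than re-reading priv->agent, and report the unexpected NULL so the code path that clears priv->agent mid-command is found; otherwise the fix belongs in that code path, not here.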
I'm not convinced this is the right fix. The whole point of the Enter/ExitAgent methods is to hold an extra reference on priv->agent, so that it is *not* deleted while an agent command is run. What is setting priv->agent to NULL while the command is still active?

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
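The Enter/Exit reference protocol Daniel describes, and what happens to it under the proposed patch when priv->agent is cleared mid-command, modelled as an added example. This is not libvirt code: `agent`, `domain_priv`, `enter_agent`, `exit_agent_patched`, `exit_agent_held` and `owner_drops_agent` are simplified stand-ins for qemuAgentPtr, qemuAgentRef/Unref/Lock/Unlock, qemuDomainObjEnter/ExitAgentInternal and whatever path clears priv->agent (that path is an assumption; the thread leaves it an open question). The lock is a flag rather than a mutex and the "other thread" is called inline, so it goes beyond the thread by showing the consequence rather than the race itself: with the patch's NULL check, the reference and lock Enter took are never released; releasing on the pointer Enter returned frees the object cleanly.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Toy model of the Enter/ExitAgent refcount protocol. Not libvirt code: the
 * types and function names are stand-ins for qemuAgentPtr, qemuAgentRef/
 * Unref/Lock/Unlock and qemuDomainObjEnter/ExitAgentInternal. */
typedef struct agent {
    int refs;     /* object is freed when this drops to 0 */
    bool locked;  /* stand-in for the agent mutex */
} agent;

/* Assumed: something other than Exit can clear priv->agent (the open question). */
typedef struct domain_priv { agent *agent; } domain_priv;

static int agents_alive, agents_freed;   /* reported by the scenarios below */

static agent *agent_new(void)
{
    agent *a = calloc(1, sizeof(*a));
    if (!a) abort();
    a->refs = 1;                         /* the owner's ref, held via priv->agent */
    agents_alive++;
    return a;
}

static void agent_lock(agent *a)   { a->locked = true; }
static void agent_unlock(agent *a) { a->locked = false; }

/* Like qemuAgentUnref: drop one ref, free at zero, return what remains. */
static int agent_unref(agent *a)
{
    int refs = --a->refs;
    if (refs == 0) { agents_alive--; agents_freed++; free(a); }
    return refs;
}

/* Enter: lock and take an extra ref so the agent outlives the command.
 * Returns the object the ref was taken on. */
static agent *enter_agent(domain_priv *priv)
{
    agent *a = priv->agent;
    agent_lock(a);
    a->refs++;
    return a;
}

/* Exit as in the proposed patch: re-read priv->agent and skip if NULL. */
static int exit_agent_patched(domain_priv *priv)
{
    int refs = -1;
    if (priv->agent) {
        refs = agent_unref(priv->agent);
        if (refs > 0) agent_unlock(priv->agent);
    }
    return refs;
}

/* Exit that releases exactly what Enter took, on the object Enter returned. */
static int exit_agent_held(agent *a)
{
    int refs = agent_unref(a);
    if (refs > 0) agent_unlock(a);
    return refs;
}

/* The situation Daniel asks about: some path clears priv->agent and drops
 * the owner's ref mid-command. (Simplified: the real code would lock first.) */
static void owner_drops_agent(domain_priv *priv)
{
    agent *a = priv->agent;
    priv->agent = NULL;
    agent_unref(a);
}

/* Patched Exit after the agent was cleared. Returns agents still alive. */
int scenario_patched_leaks(void)
{
    agents_alive = agents_freed = 0;
    domain_priv priv = { agent_new() };
    agent *held = enter_agent(&priv);   /* refs 2, locked */
    owner_drops_agent(&priv);           /* refs 1, priv.agent == NULL */
    exit_agent_patched(&priv);          /* sees NULL: releases nothing */
    int alive = agents_alive;           /* 1: Enter's ref and lock are leaked */
    agent_unref(held);                  /* manual cleanup of the model only */
    return alive;
}

/* Exit on the pointer Enter returned, same disconnect. 1 if freed cleanly. */
int scenario_held_frees(void)
{
    agents_alive = agents_freed = 0;
    domain_priv priv = { agent_new() };
    agent *held = enter_agent(&priv);
    owner_drops_agent(&priv);
    int refs = exit_agent_held(held);   /* 0: last ref, object freed here */
    return (refs == 0 && agents_alive == 0 && agents_freed == 1) ? 1 : 0;
}
```

Without the patch the same scenario is a NULL dereference in Exit, which is the libvirtd crash in the bug report; with it, the object Enter pinned stays allocated and locked forever. Neither outcome is acceptable, which is why the question of what clears priv->agent while a command is active matters more than the guard: the example's `exit_agent_held` is one way to make Exit robust, not a claim about how libvirt resolved the bug.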