Coverity notices that net->ifname is potentially referenced after a
VIR_FREE(). Looking through history, the vport check code was added by
commit id 'df8100463' and later augmented by commit id 'd490f47b'. The
data is allocated via virNetDevMacVLanCreateWithVPortProfile, so it is
reasonable that it's free'd after the virNetDevMacVLanDeleteWithVPortProfile
call. Additionally, the virNetDevTapDelete call was added by commit id
'075650ff4', but it doesn't seem there's a corresponding VIR_FREE of
the ifname, so include that as well while we're at it.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/qemu/qemu_process.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index f2586a1..e3d1c62 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -5321,6 +5321,7 @@ void qemuProcessStop(virQEMUDriverPtr driver,
def = vm->def;
for (i = 0; i < def->nnets; i++) {
+ bool free_net_iface = false;
virDomainNetDefPtr net = def->nets[i];
vport = virDomainNetGetActualVirtPortProfile(net);
@@ -5332,13 +5333,16 @@ void qemuProcessStop(virQEMUDriverPtr driver,
virDomainNetGetActualDirectMode(net),
virDomainNetGetActualVirtPortProfile(net),
cfg->stateDir));
- VIR_FREE(net->ifname);
+ free_net_iface = true;
break;
case VIR_DOMAIN_NET_TYPE_BRIDGE:
case VIR_DOMAIN_NET_TYPE_NETWORK:
#ifdef VIR_NETDEV_TAP_REQUIRE_MANUAL_CLEANUP
- if (!(vport && vport->virtPortType ==
VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH))
+ if (!(vport && vport->virtPortType ==
+ VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH)) {
ignore_value(virNetDevTapDelete(net->ifname, net->backend.tap));
+ free_net_iface = true;
+ }
#endif
break;
}
@@ -5355,6 +5359,12 @@ void qemuProcessStop(virQEMUDriverPtr driver,
}
}
+ /* Corrolary to virNetDevMacVLanCreateWithVPortProfile or
+ * qemuNetworkIfaceConnect allocation
+ */
+ if (free_net_iface)
+ VIR_FREE(net->ifname);
+
/* kick the device out of the hostdev list too */
virDomainNetRemoveHostdev(def, net);
networkReleaseActualDevice(vm->def, net);
--
2.1.0