From: Alex Jia <ajia@redhat.com> * src/qemu/qemu_process.c: Taking if (qemuDomainObjEndJob(driver, obj) == 0) true branch then 'obj' is NULL, virDomainObjIsActive(obj) and virDomainObjUnref(obj) will dereference NULL pointer. Signed-off-by: Alex Jia <ajia@redhat.com> --- src/qemu/qemu_process.c | 32 +++++++++++++++++--------------- 1 files changed, 17 insertions(+), 15 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index bd49b21..9fdf846 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -2661,22 +2661,24 @@ error: if (qemuDomainObjEndJob(driver, obj) == 0) obj = NULL; - if (!virDomainObjIsActive(obj)) { - if (virDomainObjUnref(obj) > 0) - virDomainObjUnlock(obj); - qemuDriverUnlock(driver); - return; - } + if (obj) { + if (!virDomainObjIsActive(obj)) { + if (virDomainObjUnref(obj) > 0) + virDomainObjUnlock(obj); + qemuDriverUnlock(driver); + return; + } - if (virDomainObjUnref(obj) > 0) { - /* We can't get the monitor back, so must kill the VM - * to remove danger of it ending up running twice if - * user tries to start it again later */ - qemuProcessStop(driver, obj, 0, VIR_DOMAIN_SHUTOFF_FAILED); - if (!obj->persistent) - virDomainRemoveInactive(&driver->domains, obj); - else - virDomainObjUnlock(obj); + if (virDomainObjUnref(obj) > 0) { + /* We can't get the monitor back, so must kill the VM + * to remove danger of it ending up running twice if + * user tries to start it again later */ + qemuProcessStop(driver, obj, 0, VIR_DOMAIN_SHUTOFF_FAILED); + if (!obj->persistent) + virDomainRemoveInactive(&driver->domains, obj); + else + virDomainObjUnlock(obj); + } } qemuDriverUnlock(driver); -- 1.7.1