If we jump to cleanup before allocating 'result', then the call to
virBlkioDeviceArrayClear() could dereference result
Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
---
src/lxc/lxc_driver.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index f93360f..e5b6662 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -2222,8 +2222,10 @@ lxcDomainParseBlkioDeviceStr(char *blkioDeviceStr, const char *type,
_("unable to parse blkio device '%s' '%s'"),
type, blkioDeviceStr);
cleanup:
- virBlkioDeviceArrayClear(result, ndevices);
- VIR_FREE(result);
+ if (result) {
+ virBlkioDeviceArrayClear(result, ndevices);
+ VIR_FREE(result);
+ }
return -1;
}
--
1.9.3
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list