On 3/16/19 11:13 PM, Eric Blake wrote:
> The following virsh command was triggering a use-after-free:
>
> $ virsh -c test:///default '
> snapshot-create-as test s1
> snapshot-create-as test s2
> snapshot-delete --children-only test s1
> snapshot-current --name test'
> Domain snapshot s1 created
> Domain snapshot s2 created
> Domain snapshot s1 children deleted
>
> error: name in virGetDomainSnapshot must not be NULL
>
> @@ -6508,8 +6508,6 @@ testDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
> testDomainSnapshotDiscardAll,
> &rem);
> if (rem.current) {
> - if (flags & VIR_DOMAIN_SNAPSHOT_DELETE_CHILDREN_ONLY)
> - snap->def->current = true;
> vm->current_snapshot = snap;
> }
I need to let 'make syntax-check' finish running first. Here, I also
need to drop the now-spurious {}.
> } else if (snap->nchildren) {
> @@ -6542,8 +6540,6 @@ testDomainSnapshotDelete(virDomainSnapshotPtr snapshot,
> if (!parentsnap) {
> VIR_WARN("missing parent snapshot matching name '%s'",
> snap->def->parent);
> - } else {
> - parentsnap->def->current = true;
> }
> }
and again
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
