'nfs' variable was set to -1 or -2 on agent failure. Cleanup then tried to free 'nfs' elements of the array which resulted into a crash. Make 'nfs' size_t and assign it only on successful agent call. https://bugzilla.redhat.com/show_bug.cgi?id=1812965 Broken by commit 599ae372d8cf092 Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
 src/qemu/qemu_agent.c | 2 +-
 src/qemu/qemu_driver.c | 12 ++++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
index 9f3fb9732f..dff327e8d5 100644
--- a/src/qemu/qemu_agent.c
+++ b/src/qemu/qemu_agent.c
@@ -1914,7 +1914,7 @@ qemuAgentGetFSInfoFillDisks(virJSONValuePtr jsondisks,
 return 0;
 }
-/* Returns: 0 on success
+/* Returns: number of entries in '@info' on success
 * -2 when agent command is not supported by the agent
 * -1 otherwise
 */
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 02ea582767..e285e9373c 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -22814,7 +22814,7 @@ qemuDomainGetGuestInfo(virDomainPtr dom,
 g_autofree char *hostname = NULL;
 unsigned int supportedTypes = types;
 int rc;
- int nfs = 0;
+ size_t nfs = 0;
 qemuAgentFSInfoPtr *agentfsinfo = NULL;
 size_t i;
@@ -22867,9 +22867,13 @@ qemuDomainGetGuestInfo(virDomainPtr dom,
 }
 }
 if (supportedTypes & VIR_DOMAIN_GUEST_INFO_FILESYSTEM) {
- rc = nfs = qemuAgentGetFSInfo(agent, &agentfsinfo);
- if (rc < 0 && !(rc == -2 && types == 0))
- goto exitagent;
+ rc = qemuAgentGetFSInfo(agent, &agentfsinfo);
+ if (rc < 0) {
+ if (!(rc == -2 && types == 0))
+ goto exitagent;
+ } else {
+ nfs = rc;
+ }
 }
 ret = 0;
-- 
2.24.1
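Review bot: The updated header comment in qemu_agent.c documents the success return but still does not say what state '@info' is left in on the -1 and -2 paths, which is what the caller's cleanup depends on. If the function leaves '@info' untouched on failure, add a line such as ` * '@info' is not modified on failure`. The function body and its name are outside this hunk (the `@@` context names the preceding function), so I am assuming this is qemuAgentGetFSInfo and that the guarantee holds; confirm both before adding the line.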
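Review bot: In the new `else` branch of the qemu_driver.c hunk, `nfs = rc;` is now the only assignment to the count that the cleanup uses, and nothing at that line records why it must stay guarded. The agent's replies originate inside the guest, and per the commit message a failure code leaking into 'nfs' crashed the cleanup, so a short comment would help keep a later refactor from restoring the `rc = nfs = ...` form: `/* nfs bounds the agentfsinfo cleanup; store only a non-negative count */`. The inner `if (!(rc == -2 && types == 0))` would also benefit from one line stating that an unsupported command is tolerated only when `types == 0`. The cleanup code and the rest of qemuDomainGetGuestInfo are outside the hunk, so other agent calls in the function are worth checking for the same chained-assignment pattern.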