When placing vCPUs into CGroups the qemuProcessSetupPid() is
called which then enters a for() loop (around its middle) where
it calls virDomainNumaGetNodeCpumask() for each guest NUMA node.
But the latter returns only a pointer not new reference/copy and
thus the caller must not free it. But the variable is decorated
with g_autoptr() which leads to a double free.
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
src/qemu/qemu_process.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 05104e3098..92c1f0ab74 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2741,8 +2741,7 @@ qemuProcessSetupPid(virDomainObj *vm,
/* Look for the guest NUMA node of this vCPU */
for (i = 0; i < virDomainNumaGetNodeCount(numatune); i++) {
- g_autoptr(virBitmap) node_cpus = NULL;
- node_cpus = virDomainNumaGetNodeCpumask(numatune, i);
+ virBitmap *node_cpus = virDomainNumaGetNodeCpumask(numatune, i);
if (!virBitmapIsBitSet(node_cpus, id))
continue;
--
2.26.3
