If the chStateInitialize method fails, we call chStateCleanup which frees all global state. It fails to set the global 'ch_driver' to NULL, however, so a later attempt to open the cloud hypervisor driver will succeed and then crash attempting to access freed memory. Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> --- src/ch/ch_driver.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ch/ch_driver.c b/src/ch/ch_driver.c index 8c458a20bd..1ee33817f9 100644 --- a/src/ch/ch_driver.c +++ b/src/ch/ch_driver.c @@ -827,6 +827,7 @@ static int chStateCleanup(void) virObjectUnref(ch_driver->config); virMutexDestroy(&ch_driver->lock); g_free(ch_driver); + ch_driver = NULL; return 0; } -- 2.31.1
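
Review bot: In chStateCleanup, the `g_free(ch_driver);` line and the added `ch_driver = NULL;` could be a single `g_clear_pointer(&ch_driver, g_free);`, so the free and the reset cannot drift apart in a later edit. Separately, the context lines just above dereference `ch_driver->config` and `ch_driver->lock` unconditionally; now that the global is reset to NULL, a second call to chStateCleanup would dereference NULL unless the function starts with a check on `ch_driver`. That part of the function is outside the visible hunk, so it is worth confirming the guard exists, and that every caller which opens the driver tests `ch_driver` for NULL, since the fix described in the commit message relies on it.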