On 6/4/21 5:01 PM, Daniel P. Berrangé wrote:
> If the chStateInitialize method fails, we call chStateCleanup
> which frees all global state. It fails to set the global
> 'ch_driver' to NULL, however, so a later attempt to open the
> cloud hypervisor driver will succeed and then crash attempting
> to access freed memory.
>
> Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> ---
>  src/ch/ch_driver.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/src/ch/ch_driver.c b/src/ch/ch_driver.c
> index 8c458a20bd..1ee33817f9 100644
> --- a/src/ch/ch_driver.c
> +++ b/src/ch/ch_driver.c
> @@ -827,6 +827,7 @@ static int chStateCleanup(void)
>      virObjectUnref(ch_driver->config);
>      virMutexDestroy(&ch_driver->lock);
>      g_free(ch_driver);
> +    ch_driver = NULL;
>
>      return 0;
>  }
>

Oh, I missed this completely before sending my patch:

https://listman.redhat.com/archives/libvir-list/2021-June/msg00158.html

How about g_clear_pointer() instead?

Regardless:

Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx>

Michal
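Review bot: the added `ch_driver = NULL;` directly after `g_free(ch_driver);` in the chStateCleanup hunk is the right remedy for the dangling global described in the commit message, since a later driver open that finds a non-NULL `ch_driver` would otherwise dereference freed memory; as Michal notes, the two adjacent lines can be collapsed into the GLib idiom `g_clear_pointer(&ch_driver, g_free);`, which frees and resets the pointer in one step and is the pattern libvirt already uses for this kind of teardown. The reset is correctly placed after `virObjectUnref(ch_driver->config)` and `virMutexDestroy(&ch_driver->lock)`, so no field of the struct is touched once it has been released.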