On Mon, May 17, 2010 at 01:04:24PM +0200, Jim Meyering wrote: > The following theoretical possibility of a NULL dereference > has been in the code since April 1 > (commit 6e41f30efcac08e50b21d9c943d6d27e90555951). > It's theoretical, because if that vm = NULL > statement is ever executed, the very next one, > calling virDomainObjUnlock would dereference that now-NULL "vm". > Hence, I think we can conclude the vm = NULL statement is > effectively dead code. That conclusion is in line with the > "should" in the preceding comment. > > > >From f88969b986a1c88985671c9d6fa9cb1dc449ed74 Mon Sep 17 00:00:00 2001 > From: Jim Meyering <meyering@xxxxxxxxxx> > Date: Mon, 17 May 2010 12:10:52 +0200 > Subject: [PATCH] qemu_driver: avoid NULL dereference > > * src/qemu/qemu_driver.c (qemudDomainStart): After setting vm to NULL, > goto cleanup, rather than dereferencing the NULL pointer. > --- > src/qemu/qemu_driver.c | 5 ++++- > 1 files changed, 4 insertions(+), 1 deletions(-) > > diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c > index 8f69b5a..3559e36 100644 > --- a/src/qemu/qemu_driver.c > +++ b/src/qemu/qemu_driver.c > @@ -6489,8 +6489,11 @@ static int qemudDomainStart(virDomainPtr dom) { > * We should still have a reference left to vm but > * one should check for 0 anyway > */ > - if (qemuDomainObjEndJob(vm) == 0) > + if (qemuDomainObjEndJob(vm) = 0) { > vm = NULL; > + goto cleanup; > + } > + > virDomainObjUnlock(vm); > qemuDriverUnlock(driver); > ret = qemudDomainRestore(dom->conn, managed_save); ACK Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
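Review bot: the new condition in the `+` line reads `if (qemuDomainObjEndJob(vm) = 0) {`, a single `=` where the removed line had `==`; a function call is not an lvalue, so this will not compile, and even if it were an lvalue it would assign rather than test. It should be `if (qemuDomainObjEndJob(vm) == 0) {`, matching the `-` line it replaces. The rest of the change is sound: after `vm = NULL` the old code fell straight through to `virDomainObjUnlock(vm)`, which is the NULL dereference the commit message describes, and jumping to `cleanup` instead avoids it, provided the `cleanup` label (outside the visible context) already guards its own unlock on `vm` being NULL, which the "one should check for 0 anyway" comment suggests is the intended convention.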