Here's the fix, followed by the endjob/cleanup code: >From d696f6067d6e802714adbf3e36bf53c9fcf3ec76 Mon Sep 17 00:00:00 2001 From: Jim Meyering <meyering@xxxxxxxxxx> Date: Mon, 17 May 2010 19:28:44 +0200 Subject: [PATCH] qemudDomainSetVcpus: avoid NULL-deref on failed uuid look-up * src/qemu/qemu_driver.c (qemudDomainSetVcpus): Upon look-up failure, i.e., vm==NULL, goto cleanup, rather than to "endjob", superficially since the latter would dereference vm, but more fundamentally because we certainly don't want to call qemuDomainObjEndJob before we've even attempted qemuDomainObjBeginJob. --- src/qemu/qemu_driver.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 582fdee..16a9646 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -5526,11 +5526,11 @@ static int qemudDomainSetVcpus(virDomainPtr dom, unsigned int nvcpus) { if (!vm) { char uuidstr[VIR_UUID_STRING_BUFLEN]; virUUIDFormat(dom->uuid, uuidstr); qemuReportError(VIR_ERR_NO_DOMAIN, _("no domain with matching uuid '%s'"), uuidstr); - goto endjob; + goto cleanup; } if (qemuDomainObjBeginJob(vm) < 0) goto cleanup; -- 1.7.1.250.g7d1e8 Here's the end of that function. Note that in endjob's code, vm is dereferenced: ... ret = qemudDomainHotplugVcpus(vm, nvcpus); endjob: if (qemuDomainObjEndJob(vm) == 0) vm = NULL; cleanup: if (vm) virDomainObjUnlock(vm); return ret; } -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
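Review bot: The corrected `goto cleanup` makes the no-domain path return `ret` before `qemuDomainObjBeginJob()` has been called, so it depends on `ret` already holding the failure value at that point (presumably `int ret = -1;` near the top of qemudDomainSetVcpus, which starts above this hunk and is not visible here); worth confirming it is not assigned only later in the function. Since `dom->uuid` comes from the caller, the old `goto endjob` let any client that passed a stale or bogus domain handle drive libvirtd into a NULL dereference inside `qemuDomainObjEndJob()`, so this is a denial-of-service fix rather than a cosmetic one and the commit message could say so. To keep the next error path added before BeginJob from repeating the mistake, I would annotate the branch: `/* No job has been begun yet: jump past endjob, since qemuDomainObjEndJob() dereferences vm. */`, and likewise mark the `endjob:` label (shown in the excerpt below the patch, outside this hunk) as reachable only after a successful qemuDomainObjBeginJob().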