On 02/15/2012 02:27 AM, ajia@xxxxxxxxxx wrote:
> From: Alex Jia <ajia@xxxxxxxxxx>
>
> * src/qemu/qemu_process.c (qemuFindAgentConfig): avoid crash libvirtd due to
> deref a NULL pointer.
>
> * How to reproduce?
> 1. virsh edit the following xml into guest configuration:
>
> <channel type='pty'>
> <target type='virtio'/>
> <address type='virtio-serial' controller='0' bus='0' port='1'/>
> </channel>
> 2. virsh start <domain>
>
> or
> % virt-install -n foo -r 1024 --disk path=/var/lib/libvirt/images/foo.img,size=1 \
> --channel pty,target_type=virtio -l <installation tree>
>
> Signed-off-by: Alex Jia <ajia@xxxxxxxxxx>
> ---
> src/qemu/qemu_process.c | 5 ++++-
> 1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index 2d92d66..6dc1732 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -189,11 +189,14 @@ qemuFindAgentConfig(virDomainDefPtr def)
>
> for (i = 0 ; i < def->nchannels ; i++) {
> virDomainChrDefPtr channel = def->channels[i];
> + if(!channel)
> + break;
This looks fishy. def->nchannels should imply that def->channels[i] is
non-NULL for all channels. We need to figure out where that assumption
went wrong and fix the root cause, rather than papering over it here.
Or maybe you don't need this hunk after all.
>
> if (channel->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO)
> continue;
>
> - if (STREQ(channel->target.name, "org.qemu.guest_agent.0")) {
> + if (channel->target.name &&
> + STREQ(channel->target.name, "org.qemu.guest_agent.0")) {
Here, I'd use
if (STREQ_NULLABLE(channel->target.name, "org.qemu.guest_agent.0")) {
--
Eric Blake eblake@xxxxxxxxxx +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list