Libvirtd would crash if a domain contained an empty cdrom drive of type='volume' as the disk def->srcpool member would be dereferenced. Fix it by checking if the source pool is present before dereferencing it. Also alter tests to catch this issue in the future. Reported by: Kevin Shanahan Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1056328 --- src/qemu/qemu_conf.c | 2 +- tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args | 2 ++ tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml | 6 ++++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 4378791..ac53f6d 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -1302,7 +1302,7 @@ cleanup: int qemuDiskGetActualType(virDomainDiskDefPtr def) { - if (def->type == VIR_DOMAIN_DISK_TYPE_VOLUME) + if (def->type == VIR_DOMAIN_DISK_TYPE_VOLUME && def->srcpool) return def->srcpool->actualtype; return def->type; diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args index da87ad9..6b409b7 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args @@ -3,6 +3,8 @@ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \ -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -drive \ file=/some/block/device/cdrom,if=none,media=cdrom,id=drive-ide0-0-1 -device \ ide-drive,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1 -drive \ +if=none,media=cdrom,id=drive-ide0-1-0 -device \ +ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive \ file=/tmp/idedisk.img,if=none,id=drive-ide0-0-2 -device \ ide-drive,bus=ide.0,unit=2,drive=drive-ide0-0-2,id=ide0-0-2 -device \ virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml index 6ca5cf7..e96f76e 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml @@ -24,6 +24,12 @@ <readonly/> <address type='drive' controller='0' bus='0' target='0' unit='1'/> </disk> + <disk type='volume' device='cdrom'> + <driver name='qemu' type='raw'/> + <target dev='hdc' bus='ide'/> + <readonly/> + <address type='drive' controller='0' bus='1' target='0' unit='0'/> + </disk> <disk type='file' device='disk'> <source file='/tmp/idedisk.img'/> <target dev='hdc' bus='ide'/> -- 1.8.5.3 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list