possible null pointer dereference in qemuDomainPinEmulator()

Bug #1441775 reported by Chris Friesen
Affects Status Importance Assigned to Milestone
libvirt
Invalid
Undecided
Unassigned
libvirt (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

In src/qemu/qemu_driver.c the qemuDomainPinEmulator() routine basically does this

     virDomainObjPtr vm;

     if (!(vm = qemuDomObjFromDomain(dom)))
         goto cleanup;

cleanup:
     qemuDomObjEndAPI(&vm);

If "vm" is null, then this will crash.

The bug seems to have been added in commit 540c339a, which removed a null pointer check:
- if (vm)
- virObjectUnlock(vm);
+ qemuDomObjEndAPI(&vm);
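Review bot: dropping the `if (vm)` guard around virObjectUnlock() is only safe if the replacement qemuDomObjEndAPI(&vm) tolerates a NULL `*vm` itself; it receives the address of the pointer rather than the pointer, so it can test `*vm` before touching the lock, and the `if (!*vm) return;` check quoted later in this thread is what makes the removed guard redundant rather than missing.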

Eric Blake (eblake)
affects: qemu → libvirt
Chris Friesen (cbf123) wrote :

Thanks Eric...must have been a brain fart. :)

Serge Hallyn (serge-hallyn) wrote :

Hm,

if vm is null, then at cleanup we do

qemuDomObjEndAPI(&vm);

then qemuDomObjEndAPI checks:

if (!*vm)
   return;

Perhaps it's too late in the day for me, but this looks ok?

Changed in libvirt (Ubuntu):
status: New → Incomplete
Chris Friesen (cbf123) wrote :

Okay, so apparently I'm blind. Yeah, code looks fine.

The original thing that had me thinking this was buggy is that I'm seeing libvirtd crash if I run 'virsh emulatorpin'. Will try and isolate further and open a different bug report if appropriate.

Changed in libvirt (Ubuntu):
status: Incomplete → Invalid
Changed in libvirt:
status: New → Invalid
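The null-safety the thread settles on, as an added example that is not libvirt code: DomObj, lookupDomain(), endAPI() and pinEmulatorShape() are constructed stand-ins for virDomainObj, qemuDomObjFromDomain(), qemuDomObjEndAPI() and qemuDomainPinEmulator(), showing why a double-pointer cleanup helper that starts with `if (!*vm) return;` makes the goto-cleanup path safe on both the failed and the successful lookup.

```c
#include <stdlib.h>

/* Constructed stand-in for virDomainObj: a refcount plus a lock flag. */
typedef struct {
    int refs;
    int locked;
} DomObj;
typedef DomObj *DomObjPtr;

/* Stand-in for qemuDomObjFromDomain(): a locked, referenced object, or NULL
 * when the lookup fails (the path the report worried about). */
static DomObjPtr lookupDomain(int found)
{
    DomObjPtr vm;
    if (!found || !(vm = calloc(1, sizeof(*vm))))
        return NULL;
    vm->refs = 1;
    vm->locked = 1;
    return vm;
}

/* Stand-in for qemuDomObjEndAPI(): takes the address of the caller's pointer,
 * returns early if it is NULL, else unlocks, unrefs and clears the pointer. */
static void endAPI(DomObjPtr *vm)
{
    if (!*vm)
        return;
    (*vm)->locked = 0;
    if (--(*vm)->refs == 0)
        free(*vm);
    *vm = NULL;
}

/* Same shape as qemuDomainPinEmulator(): look up, jump to cleanup on failure,
 * call the helper once at the label. Returns -1 when the lookup failed and 0
 * otherwise; *out_vm reports the pointer after cleanup, NULL on both paths. */
static int pinEmulatorShape(int found, DomObjPtr *out_vm)
{
    int ret = -1;
    DomObjPtr vm;
    if (!(vm = lookupDomain(found)))
        goto cleanup;           /* vm is NULL here, not uninitialised */

    ret = 0;
cleanup:
    endAPI(&vm);                /* no-op when vm is NULL, so no crash */
    *out_vm = vm;
    return ret;
}
```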