libvirt

possible null pointer dereference in qemuDomainPinEmulator()

Bug #1441775 reported by Chris Friesen on 2015-04-08

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	libvirt	Invalid	Undecided	Unassigned
	libvirt (Ubuntu)	Invalid	Undecided	Unassigned

Bug Description

In src/qemu/qemu_driver.c the qemuDomainPinEmulator() routine basically does this

virDomainObjPtr vm;

if (!(vm = qemuDomObjFromDomain(dom)))
goto cleanup;

cleanup:
qemuDomObjEndAPI(&vm);

If "vm" is null, then this will crash.

The bug seems to have been added in commit 540c339a, which removed a null pointer check:
- if (vm)
- virObjectUnlock(vm);
+ qemuDomObjEndAPI(&vm);

Eric Blake (eblake) on 2015-04-08

affects:

qemu → libvirt

Revision history for this message

Chris Friesen (cbf123) wrote on 2015-04-09:

Thanks Eric...must have been a brain fart. :)

Revision history for this message

Serge Hallyn (serge-hallyn) wrote on 2015-04-09:

Hm,

if vm is null, then at cleanup we do

qemuDomObjEndAPI(&vm);

then qemuDomObjEndAPI checks:

if (!*vm)
return;

Perhaps it's too late in the day for me, but this looks ok?

Changed in libvirt (Ubuntu):
status:	New → Incomplete

Revision history for this message

Chris Friesen (cbf123) wrote on 2015-04-13:

Okay, so apparently I'm blind. Yeah, code looks fine.

The original thing that had me thinking this was buggy is that I'm seeing libvirtd crash if I run 'virsh emulatorpin'. Will try and isolate further and open a different bug report if appropriate.

Changed in libvirt (Ubuntu):
status:	Incomplete → Invalid
Changed in libvirt:
status:	New → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.