[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH] qemu: avoid dereferencing a NULL pointer



From: Alex Jia <ajia redhat com>

* src/qemu/qemu_process.c: Taking if (qemuDomainObjEndJob(driver, obj) == 0)
  true branch then 'obj' is NULL, virDomainObjIsActive(obj) and
  virDomainObjUnref(obj) will dereference NULL pointer. 

Signed-off-by: Alex Jia <ajia redhat com>
---
 src/qemu/qemu_process.c |   32 +++++++++++++++++---------------
 1 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index bd49b21..9fdf846 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2661,22 +2661,24 @@ error:
     if (qemuDomainObjEndJob(driver, obj) == 0)
         obj = NULL;
 
-    if (!virDomainObjIsActive(obj)) {
-        if (virDomainObjUnref(obj) > 0)
-            virDomainObjUnlock(obj);
-        qemuDriverUnlock(driver);
-        return;
-    }
+    if (obj) {
+        if (!virDomainObjIsActive(obj)) {
+            if (virDomainObjUnref(obj) > 0)
+                virDomainObjUnlock(obj);
+            qemuDriverUnlock(driver);
+            return;
+        }
 
-    if (virDomainObjUnref(obj) > 0) {
-        /* We can't get the monitor back, so must kill the VM
-         * to remove danger of it ending up running twice if
-         * user tries to start it again later */
-        qemuProcessStop(driver, obj, 0, VIR_DOMAIN_SHUTOFF_FAILED);
-        if (!obj->persistent)
-            virDomainRemoveInactive(&driver->domains, obj);
-        else
-            virDomainObjUnlock(obj);
+        if (virDomainObjUnref(obj) > 0) {
+            /* We can't get the monitor back, so must kill the VM
+            * to remove danger of it ending up running twice if
+            * user tries to start it again later */
+            qemuProcessStop(driver, obj, 0, VIR_DOMAIN_SHUTOFF_FAILED);
+            if (!obj->persistent)
+                virDomainRemoveInactive(&driver->domains, obj);
+            else
+                virDomainObjUnlock(obj);
+        }
     }
     qemuDriverUnlock(driver);
 
-- 
1.7.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]