[libvirt] [PATCH] qemudDomainSetVcpus: avoid NULL-deref on failed uuid look-up

Jim Meyering jim at meyering.net
Mon May 17 17:33:35 UTC 2010


Here's the fix, followed by the endjob/cleanup code:

From d696f6067d6e802714adbf3e36bf53c9fcf3ec76 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering at redhat.com>
Date: Mon, 17 May 2010 19:28:44 +0200
Subject: [PATCH] qemudDomainSetVcpus: avoid NULL-deref on failed uuid look-up

* src/qemu/qemu_driver.c (qemudDomainSetVcpus): Upon look-up failure,
i.e., vm==NULL, goto cleanup, rather than to "endjob", superficially
since the latter would dereference vm, but more fundamentally because
we certainly don't want to call qemuDomainObjEndJob before we've
even attempted qemuDomainObjBeginJob.
---
 src/qemu/qemu_driver.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 582fdee..16a9646 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5526,11 +5526,11 @@ static int qemudDomainSetVcpus(virDomainPtr dom, unsigned int nvcpus) {
     if (!vm) {
         char uuidstr[VIR_UUID_STRING_BUFLEN];
         virUUIDFormat(dom->uuid, uuidstr);
         qemuReportError(VIR_ERR_NO_DOMAIN,
                         _("no domain with matching uuid '%s'"), uuidstr);
-        goto endjob;
+        goto cleanup;
     }

     if (qemuDomainObjBeginJob(vm) < 0)
         goto cleanup;
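Review bot: `cleanup` is the right target here, but the hunk does not show how `ret` is initialised before this early exit; since the `cleanup:` label returns `ret` unconditionally, please confirm the function declares `int ret = -1;` so a failed look-up reports an error rather than an uninitialised value. It is also worth checking that no other exit between the look-up and `qemuDomainObjBeginJob(vm)` still uses `goto endjob`, since any such path has the same unbalanced-EndJob problem this patch fixes.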

--
1.7.1.250.g7d1e8



Here's the end of that function.
Note that in endjob's code, vm is dereferenced:

    ...
        ret = qemudDomainHotplugVcpus(vm, nvcpus);

    endjob:
        if (qemuDomainObjEndJob(vm) == 0)
            vm = NULL;

    cleanup:
        if (vm)
            virDomainObjUnlock(vm);
        return ret;
    }
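As an added illustration (this is not libvirt code), here is a constructed, instrumented stand-in for the tail of that function: the struct, the global counters, the simulated lock/job helpers and the 8-vCPU limit are all assumptions, chosen so that the three exit paths (failed look-up, failure inside the job, success) can be checked for balanced lock and job state.

```c
#include <stddef.h>
/* Constructed stand-in for libvirt's domain object, with just enough state
 * to check that lock/unlock and BeginJob/EndJob calls stay balanced. */
struct vm {
    int locked;   /* 1 while the simulated virDomainObjLock is held */
    int in_job;   /* 1 between BeginJob and EndJob */
    int vcpus;
};
struct vm g_vm;        /* the only domain in this toy driver */
int g_endjob_calls;    /* every EndJob call, including any bogus one */

/* Simulated look-up: locks and returns the vm, or NULL when lookup_ok == 0. */
static struct vm *lookup(int lookup_ok)
{
    if (!lookup_ok)
        return NULL;
    g_vm.locked = 1;
    return &g_vm;
}
static int begin_job(struct vm *vm) { vm->in_job = 1; return 0; }
/* Same contract as qemuDomainObjEndJob: returning 0 means the object is gone. */
static int end_job(struct vm *vm) { g_endjob_calls++; vm->in_job = 0; return 1; }

/* Fixed control flow: a failed look-up jumps to cleanup, never to endjob. */
int set_vcpus(int lookup_ok, int nvcpus)
{
    struct vm *vm;
    int ret = -1;   /* cleanup returns this unchanged on early exits */

    vm = lookup(lookup_ok);
    if (!vm)
        goto cleanup;   /* "goto endjob" here would dereference NULL */
    if (begin_job(vm) < 0)
        goto cleanup;
    if (nvcpus < 1 || nvcpus > 8)   /* assumed limit; job is open, so endjob */
        goto endjob;
    vm->vcpus = nvcpus;
    ret = 0;
endjob:
    if (end_job(vm) == 0)
        vm = NULL;
cleanup:
    if (vm)
        vm->locked = 0;   /* simulated virDomainObjUnlock */
    return ret;
}

/* True when no lock and no job are left dangling after a call. */
int state_balanced(void) { return !g_vm.locked && !g_vm.in_job; }
```

Calling `set_vcpus(0, 2)` exercises the patched path: it returns -1 without ever touching `g_endjob_calls`, while the in-job failure path still reaches `endjob` exactly once.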
