[libvirt] [PATCH] qemu: Avoid libvirtd crash in qemuDomainObjExitAgentInternal
Daniel P. Berrange
berrange at redhat.com
Tue Aug 7 11:34:03 UTC 2012
On Tue, Aug 07, 2012 at 03:18:38PM +0800, Alex Jia wrote:
> * src/qemu/qemu_domain.c (qemuDomainObjExitAgentInternal): fix crashing
> libvirtd due to dereferencing a NULL pointer.
>
> For details, please see bug:
> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=845966
>
> Signed-off-by: Alex Jia <ajia at redhat.com>
> ---
> src/qemu/qemu_domain.c | 10 ++++++----
> 1 files changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> index 86f0265..8667b6c 100644
> --- a/src/qemu/qemu_domain.c
> +++ b/src/qemu/qemu_domain.c
> @@ -1136,12 +1136,14 @@ qemuDomainObjExitAgentInternal(struct qemud_driver *driver,
> virDomainObjPtr obj)
> {
> qemuDomainObjPrivatePtr priv = obj->privateData;
> - int refs;
> + int refs = -1;
>
> - refs = qemuAgentUnref(priv->agent);
> + if (priv->agent) {
> + refs = qemuAgentUnref(priv->agent);
>
> - if (refs > 0)
> - qemuAgentUnlock(priv->agent);
> + if (refs > 0)
> + qemuAgentUnlock(priv->agent);
> + }
>
> if (driver_locked)
> qemuDriverLock(driver);
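Review bot: the new `if (priv->agent)` guard hides the real defect rather than fixing it. The matching Enter path takes an extra reference on priv->agent so that the object survives for the duration of the in-flight command; if priv->agent can already be NULL by the time qemuDomainObjExitAgentInternal runs, some other code path cleared it mid-command, and with this patch `qemuAgentUnref()` and `qemuAgentUnlock()` are simply skipped, so the reference taken on entry is never dropped and the agent object leaks. Either find and fix the path that clears priv->agent while a command is active, or have Enter/Exit operate on a locally saved agent pointer so the unref and unlock always hit the same object that was referenced. Minor: `int refs = -1;` is only read inside the guarded block, so the initializer is dead code.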
I'm not convinced this is the right fix. The whole point of the Enter/ExitAgent
methods is to hold an extra reference on priv->agent, so that it is *not*
deleted while an agent command is run.
What is setting priv->agent to NULL while the command is still active?
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|