[libvirt] [PATCH] qemu: Prevent crash of libvirtd without guest agent

Eric Blake eblake at redhat.com
Wed Feb 15 23:09:10 UTC 2012


On 02/15/2012 02:27 AM, ajia at redhat.com wrote:
> From: Alex Jia <ajia at redhat.com>
> 
> * src/qemu/qemu_process.c (qemuFindAgentConfig): avoid crashing libvirtd due to
> dereferencing a NULL pointer.
> 
> * How to reproduce?
> 1. virsh edit the following XML into the guest configuration:
> 
>     <channel type='pty'>
>       <target type='virtio'/>
>       <address type='virtio-serial' controller='0' bus='0' port='1'/>
>     </channel>
> 2. virsh start <domain>
> 
> or 
> % virt-install -n foo -r 1024 --disk path=/var/lib/libvirt/images/foo.img,size=1 \
> --channel pty,target_type=virtio -l <installation tree>
> 
> Signed-off-by: Alex Jia <ajia at redhat.com>
> ---
>  src/qemu/qemu_process.c |    5 ++++-
>  1 files changed, 4 insertions(+), 1 deletions(-)
> 
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index 2d92d66..6dc1732 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -189,11 +189,14 @@ qemuFindAgentConfig(virDomainDefPtr def)
>  
>      for (i = 0 ; i < def->nchannels ; i++) {
>          virDomainChrDefPtr channel = def->channels[i];
> +        if(!channel)
> +            break;

This looks fishy.  def->nchannels should imply that def->channels[i] is
non-NULL for all channels.  We need to figure out where that assumption
went wrong and fix the root cause, rather than papering over it here.
Or maybe you don't need this hunk after all.

>  
>          if (channel->targetType != VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_VIRTIO)
>              continue;
>  
> -        if (STREQ(channel->target.name, "org.qemu.guest_agent.0")) {
> +        if (channel->target.name && 
> +            STREQ(channel->target.name, "org.qemu.guest_agent.0")) {
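
Review bot: the `if(!channel) break;` added at the top of the loop ends the scan at the first NULL entry, so a guest agent channel stored later in def->channels would never be examined. If a NULL slot can really occur, `continue` would match the loop's existing skip for non-virtio channels, and the line needs a space after `if` to match the surrounding `if (` style. The reproducer's `<target type='virtio'/>` carries no name, so the channel->target.name check in the second change appears to be the one that covers the reported crash; that added line also has trailing whitespace after `&&`. A short comment noting that target.name may be NULL for a virtio channel declared without a name would help future readers.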

Here, I'd use

if (STREQ_NULLABLE(channel->target.name, "org.qemu.guest_agent.0")) {

-- 
Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
