[libvirt] [PATCH] qemu:json: Fix daemon crash on handling domain shutdown event

Peter Krempa pkrempa at redhat.com
Tue May 30 08:53:44 UTC 2017


On Tue, May 30, 2017 at 10:41:17 +0200, Erik Skultety wrote:
> commit a8eba5036 added further checking of the guest shutdown cause, but
> this enhancement is available since qemu 2.10, causing a crash because
> of a NULL pointer dereference on older qemus.
> 
> Thread 1 "libvirtd" received signal SIGSEGV, Segmentation fault.
> 0x00007ffff72441af in virJSONValueObjectGet (object=0x0,
>                                              key=0x7fffd5ef11bf "guest")
>     at util/virjson.c:769
> 769	    if (object->type != VIR_JSON_TYPE_OBJECT)
> (gdb) bt
> 0  in virJSONValueObjectGet
> 1  in virJSONValueObjectGetBoolean
> 2  in qemuMonitorJSONHandleShutdown
> 3  in qemuMonitorJSONIOProcessEvent
> 4  in qemuMonitorJSONIOProcessLine
> 5  in qemuMonitorJSONIOProcess
> 6  in qemuMonitorIOProcess

I think you can truncate it somewhere here.

> 7  in qemuMonitorIO
> 8  in virEventPollDispatchHandles
> 9  in virEventPollRunOnce
> 10 in virEventRunDefaultImpl
> 11 in virNetDaemonRun
> 12 in main
> 
> Signed-off-by: Erik Skultety <eskultet at redhat.com>
> ---
>  src/qemu/qemu_monitor_json.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
> index 757595dd7..f208dd05a 100644
> --- a/src/qemu/qemu_monitor_json.c
> +++ b/src/qemu/qemu_monitor_json.c
> @@ -528,7 +528,7 @@ static void qemuMonitorJSONHandleShutdown(qemuMonitorPtr mon, virJSONValuePtr da
>      bool guest = false;
>      virTristateBool guest_initiated = VIR_TRISTATE_BOOL_ABSENT;
>  
> -    if (virJSONValueObjectGetBoolean(data, "guest", &guest) == 0)
> +    if (data && virJSONValueObjectGetBoolean(data, "guest", &guest) == 0)
>          guest_initiated = guest ? VIR_TRISTATE_BOOL_YES : VIR_TRISTATE_BOOL_NO;
>  
>      qemuMonitorEmitShutdown(mon, guest_initiated);
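
Review bot: the `data &&` guard added to the `if` in qemuMonitorJSONHandleShutdown has no comment explaining why data can be NULL at this point. A one-line comment above the `if`, saying that older qemu delivers the shutdown event without a data object and that guest_initiated then stays VIR_TRISTATE_BOOL_ABSENT, would keep the check from being dropped later as redundant. The dereference itself is in virJSONValueObjectGet (`object->type` with object=0x0 in the backtrace), so it is also worth checking whether other event handlers pass an unchecked data pointer to the virJSONValueObjectGet* helpers.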

ACK, safe for freeze
