[PATCH] qemu: Fix crash in virQEMUCapsProbeQMPTPM

Peter Krempa pkrempa at redhat.com
Mon Jul 12 14:25:59 UTC 2021


If the queried QMP command doesn't exist, qemuMonitorGetTPMModels returns
0 but sets the string list to NULL, which isn't accepted by
g_strv_contains.

Fixes: a5bc5f0ecf8
Reported-by: Olaf Hering <olaf at aepfle.de>
Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
 src/qemu/qemu_capabilities.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index d1cd8f11ac..5b359258a1 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -3168,6 +3168,9 @@ virQEMUCapsProbeQMPTPM(virQEMUCaps *qemuCaps,
     if (qemuMonitorGetTPMModels(mon, &models) < 0)
         return -1;

+    if (!models)
+        return 0;
+
     for (i = 0; i < G_N_ELEMENTS(virQEMUCapsTPMModelsToCaps); i++) {
         const char *needle = virDomainTPMModelTypeToString(virQEMUCapsTPMModelsToCaps[i].type);
         if (g_strv_contains((const char **)models, needle))
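Review bot: The early `return 0` after `if (!models)` also skips the qemuMonitorGetTPMTypes() probe further down, so the backend-type capabilities are never set when the models list comes back NULL. The second hunk handles the same condition differently, guarding only its loop with `if (types) {`. If the two queries are always available together this is harmless, but that assumption is not visible in the patch. Either guard the models loop the same way (`if (models) {` around the loop) or keep the return and state the intent, e.g. `/* no models list: the TPM types probe below is skipped too */`. The function body starts and ends outside this hunk.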
@@ -3177,10 +3180,12 @@ virQEMUCapsProbeQMPTPM(virQEMUCaps *qemuCaps,
     if (qemuMonitorGetTPMTypes(mon, &types) < 0)
         return -1;

-    for (i = 0; i < G_N_ELEMENTS(virQEMUCapsTPMTypesToCaps); i++) {
-        const char *needle = virDomainTPMBackendTypeToString(virQEMUCapsTPMTypesToCaps[i].type);
-        if (g_strv_contains((const char **)types, needle))
-            virQEMUCapsSet(qemuCaps, virQEMUCapsTPMTypesToCaps[i].caps);
+    if (types) {
+        for (i = 0; i < G_N_ELEMENTS(virQEMUCapsTPMTypesToCaps); i++) {
+            const char *needle = virDomainTPMBackendTypeToString(virQEMUCapsTPMTypesToCaps[i].type);
+            if (g_strv_contains((const char **)types, needle))
+                virQEMUCapsSet(qemuCaps, virQEMUCapsTPMTypesToCaps[i].caps);
+        }
     }

     return 0;
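Review bot: The `if (types) {` guard carries no comment explaining why a successful call can leave the list NULL. The commit message describes that success-with-NULL behaviour for qemuMonitorGetTPMModels, and presumably qemuMonitorGetTPMTypes behaves the same. A short comment above the guard would keep a later cleanup from removing it, e.g. `/* returns 0 with types == NULL when the QMP command is missing; g_strv_contains() rejects NULL */`. Other callers of these two monitor helpers, if any, are outside this patch and may need the same check.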
-- 
2.31.1



