|
|
d76c62 |
From c03fef652341b4ee8969b2a0229e2ef9046a9cee Mon Sep 17 00:00:00 2001
|
|
|
d76c62 |
Message-Id: <c03fef652341b4ee8969b2a0229e2ef9046a9cee@dist-git>
|
|
|
d76c62 |
From: Peter Krempa <pkrempa@redhat.com>
|
|
|
d76c62 |
Date: Mon, 16 Mar 2020 22:11:35 +0100
|
|
|
d76c62 |
Subject: [PATCH] qemuDomainGetGuestInfo: Don't try to free a negative number
|
|
|
d76c62 |
of entries
|
|
|
d76c62 |
MIME-Version: 1.0
|
|
|
d76c62 |
Content-Type: text/plain; charset=UTF-8
|
|
|
d76c62 |
Content-Transfer-Encoding: 8bit
|
|
|
d76c62 |
|
|
|
d76c62 |
'nfs' variable was set to -1 or -2 on agent failure. Cleanup then tried
|
|
|
d76c62 |
to free 'nfs' elements of the array which resulted into a crash.
|
|
|
d76c62 |
|
|
|
d76c62 |
Make 'nfs' size_t and assign it only on successful agent call.
|
|
|
d76c62 |
|
|
|
d76c62 |
https://bugzilla.redhat.com/show_bug.cgi?id=1812965
|
|
|
d76c62 |
|
|
|
d76c62 |
Broken by commit 599ae372d8cf092
|
|
|
d76c62 |
|
|
|
d76c62 |
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
|
|
|
d76c62 |
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
|
d76c62 |
(cherry picked from commit 0fdb7385e416c9a0830dc60c0a56d55428963d74)
|
|
|
d76c62 |
|
|
|
d76c62 |
https://bugzilla.redhat.com/show_bug.cgi?id=1812965
|
|
|
d76c62 |
Message-Id: <6eb97463bb380d32591ef82336095bf1ef370bca.1584391726.git.pkrempa@redhat.com>
|
|
|
d76c62 |
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
|
d76c62 |
---
|
|
|
d76c62 |
src/qemu/qemu_agent.c | 2 +-
|
|
|
d76c62 |
src/qemu/qemu_driver.c | 12 ++++++++----
|
|
|
d76c62 |
2 files changed, 9 insertions(+), 5 deletions(-)
|
|
|
d76c62 |
|
|
|
d76c62 |
diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
|
|
|
d76c62 |
index ef2d2c500b..f13126aeee 100644
|
|
|
d76c62 |
--- a/src/qemu/qemu_agent.c
|
|
|
d76c62 |
+++ b/src/qemu/qemu_agent.c
|
|
|
d76c62 |
@@ -1954,7 +1954,7 @@ qemuAgentGetFSInfoFillDisks(virJSONValuePtr jsondisks,
|
|
|
d76c62 |
return 0;
|
|
|
d76c62 |
}
|
|
|
d76c62 |
|
|
|
d76c62 |
-/* Returns: 0 on success
|
|
|
d76c62 |
+/* Returns: number of entries in '@info' on success
|
|
|
d76c62 |
* -2 when agent command is not supported by the agent
|
|
|
d76c62 |
* -1 otherwise
|
|
|
d76c62 |
*/
|
|
|
d76c62 |
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
|
|
|
d76c62 |
index 8c7e90531a..0bdb2851ec 100644
|
|
|
d76c62 |
--- a/src/qemu/qemu_driver.c
|
|
|
d76c62 |
+++ b/src/qemu/qemu_driver.c
|
|
|
d76c62 |
@@ -23101,7 +23101,7 @@ qemuDomainGetGuestInfo(virDomainPtr dom,
|
|
|
d76c62 |
g_autofree char *hostname = NULL;
|
|
|
d76c62 |
unsigned int supportedTypes = types;
|
|
|
d76c62 |
int rc;
|
|
|
d76c62 |
- int nfs = 0;
|
|
|
d76c62 |
+ size_t nfs = 0;
|
|
|
d76c62 |
qemuAgentFSInfoPtr *agentfsinfo = NULL;
|
|
|
d76c62 |
size_t i;
|
|
|
d76c62 |
|
|
|
d76c62 |
@@ -23154,9 +23154,13 @@ qemuDomainGetGuestInfo(virDomainPtr dom,
|
|
|
d76c62 |
}
|
|
|
d76c62 |
}
|
|
|
d76c62 |
if (supportedTypes & VIR_DOMAIN_GUEST_INFO_FILESYSTEM) {
|
|
|
d76c62 |
- rc = nfs = qemuAgentGetFSInfo(agent, &agentfsinfo);
|
|
|
d76c62 |
- if (rc < 0 && !(rc == -2 && types == 0))
|
|
|
d76c62 |
- goto exitagent;
|
|
|
d76c62 |
+ rc = qemuAgentGetFSInfo(agent, &agentfsinfo);
|
|
|
d76c62 |
+ if (rc < 0) {
|
|
|
d76c62 |
+ if (!(rc == -2 && types == 0))
|
|
|
d76c62 |
+ goto exitagent;
|
|
|
d76c62 |
+ } else {
|
|
|
d76c62 |
+ nfs = rc;
|
|
|
d76c62 |
+ }
|
|
|
d76c62 |
}
|
|
|
d76c62 |
|
|
|
d76c62 |
ret = 0;
|
|
|
d76c62 |
--
|
|
|
d76c62 |
2.25.1
|
|
|
d76c62 |
|