From 00cc1b75dd5933bc68236ebc417fc816c4f45651 Mon Sep 17 00:00:00 2001

Message-Id: <00cc1b75dd5933bc68236ebc417fc816c4f45651@dist-git>

From: Michal Privoznik <mprivozn@redhat.com>

Date: Fri, 5 Aug 2016 16:34:37 +0200

Subject: [PATCH] lxcDomainCreateXMLWithFiles: Avoid crash

https://bugzilla.redhat.com/show_bug.cgi?id=1363773

Imagine that you're creating a transient domain, but for some reason,

starting it fails. That is virLXCProcessStart() returns an error. With

current code, in the error handling code the domain object is removed

from the domain object list, @vm is set to NULL and controls jump to

enjob label where virLXCDomainObjEndJob() is called which dereference vm

leading to instant crash.

The fix is to end the job in the error handling code and only after that

remove the domain from the list and jump onto cleanup label instead of

endjob.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

(cherry picked from commit 5f5a5a42e5146336430b9284539d4bff3e8bb598)

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

---

 src/lxc/lxc_driver.c | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c

index 80b7a5c..d47f215 100644

--- a/src/lxc/lxc_driver.c

+++ b/src/lxc/lxc_driver.c

@@ -1265,11 +1265,12 @@ lxcDomainCreateXMLWithFiles(virConnectPtr conn,

                            (flags & VIR_DOMAIN_START_AUTODESTROY),

                            VIR_DOMAIN_RUNNING_BOOTED) < 0) {

         virDomainAuditStart(vm, "booted", false);

+        virLXCDomainObjEndJob(driver, vm);

         if (!vm->persistent) {

             virDomainObjListRemove(driver->domains, vm);

             vm = NULL;

         }

-        goto endjob;

+        goto cleanup;

     }

     event = virDomainEventLifecycleNewFromObj(vm,

@@ -1281,7 +1282,6 @@ lxcDomainCreateXMLWithFiles(virConnectPtr conn,

     if (dom)

         dom->id = vm->def->id;

- endjob:

     virLXCDomainObjEndJob(driver, vm);

  cleanup:

-- 

2.9.2