From 31d35776ac5aa93f97d1f3516630137664f48881 Mon Sep 17 00:00:00 2001 Message-Id: <31d35776ac5aa93f97d1f3516630137664f48881@dist-git> From: Peter Krempa Date: Wed, 26 Feb 2014 14:54:48 +0100 Subject: [PATCH] snapshot: conf: Fix NULL dereference when element is empty https://bugzilla.redhat.com/show_bug.cgi?id=1032370 Consider the following valid snapshot XML as the element is allowed to be empty in the domainsnapshot.rng schema: $ cat snap.xml produces the following error: $ virsh snapshot-create domain snap.xml error: internal error: unknown disk snapshot driver '(null)' The driver type is parsed as NULL from the XML as the attribute is not present and then directly used to produce the error message. With this patch the attempt to parse the driver type is skipped if not present to avoid changing the schema to forbid the empty driver element. (cherry picked from commit 5a66c667ff5cae61c2ad2e646c8eb3eedc67f925) Signed-off-by: Jiri Denemark --- src/conf/snapshot_conf.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/conf/snapshot_conf.c b/src/conf/snapshot_conf.c index 29e12b7..a1fd723 100644 --- a/src/conf/snapshot_conf.c +++ b/src/conf/snapshot_conf.c @@ -154,15 +154,17 @@ virDomainSnapshotDiskDefParseXML(xmlNodePtr node, } else if (!def->format && xmlStrEqual(cur->name, BAD_CAST "driver")) { char *driver = virXMLPropString(cur, "type"); - def->format = virStorageFileFormatTypeFromString(driver); - if (def->format <= 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unknown disk snapshot driver '%s'"), - driver); + if (driver) { + def->format = virStorageFileFormatTypeFromString(driver); + if (def->format <= 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("unknown disk snapshot driver '%s'"), + driver); + VIR_FREE(driver); + goto cleanup; + } VIR_FREE(driver); - goto cleanup; } - VIR_FREE(driver); } } -- 1.9.0