mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 22:25:25 +00:00
Fix dereference of potentially freed pointer in qemudDomainSaveFlags
The pointer to the xml describing the domain is saved into an object prior to calling VIR_REALLOC_N() to make the size of the memory it points to a multiple of QEMU_MONITOR_MIGRATE_TO_FILE_BS. If that operation needs to allocate new memory, the pointer that was saved is no longer valid. To avoid this situation, adjust the size *before* saving the pointer. (This showed up when experimenting with very large values of QEMU_MONITOR_MIGRATE_TO_FILE_BS).
This commit is contained in:
parent
b1eb7f2e98
commit
1d45e1b622
@ -4959,12 +4959,6 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
|
||||
is_reg = S_ISREG(sb.st_mode);
|
||||
}
|
||||
|
||||
|
||||
/* Setup hook data needed by virFileOperation hook function */
|
||||
hdata.dom = dom;
|
||||
hdata.path = path;
|
||||
hdata.xml = xml;
|
||||
hdata.header = &header;
|
||||
offset = sizeof(header) + header.xml_len;
|
||||
|
||||
/* Due to way we append QEMU state on our header with dd,
|
||||
@ -4985,6 +4979,12 @@ static int qemudDomainSaveFlag(virDomainPtr dom, const char *path,
|
||||
header.xml_len += pad;
|
||||
}
|
||||
|
||||
/* Setup hook data needed by virFileOperation hook function */
|
||||
hdata.dom = dom;
|
||||
hdata.path = path;
|
||||
hdata.xml = xml;
|
||||
hdata.header = &header;
|
||||
|
||||
/* Write header to file, followed by XML */
|
||||
|
||||
/* First try creating the file as root */
|
||||
|
Loading…
Reference in New Issue
Block a user