conf: fix crash when parsing a unordered NUMA <cell/>

https://bugzilla.redhat.com/show_bug.cgi?id=1260846

Introduced by 8fedbbdb, if we parse an unordered NUMA cell, will
get a segfault. This is because of a check for overlapping @cpus
sets we have there. However, since the array to hold guest NUMA
cells is allocated upfront and therefore it contains all zeros,
an out of order cell will break our assumption that cell IDs have
increasing character. At this point we try to access yet NULL
bitmap and therefore segfault.

Signed-off-by: Luyao Huang <lhuang@redhat.com>
(cherry picked from commit 83ae3ee39bd13feddecc49aaad382d5cae72c257)

src/conf/numa_conf.c

@@ -759,11 +759,15 @@ virDomainNumaDefCPUParseXML(virDomainNumaPtr def,
         }
         VIR_FREE(tmp);
 
-        for (j = 0; j < i; j++) {
+        for (j = 0; j < n; j++) {
+            if (j == cur_cell || !def->mem_nodes[j].cpumask)
+                continue;
+
             if (virBitmapOverlaps(def->mem_nodes[j].cpumask,
-                                  def->mem_nodes[i].cpumask)) {
+                                  def->mem_nodes[cur_cell].cpumask)) {
                 virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                               _("NUMA cells %zu and %zu have overlapping vCPU ids"), i, j);
+                               _("NUMA cells %u and %zu have overlapping vCPU ids"),
+                               cur_cell, j);
                 goto cleanup;
             }
         }

tests/qemuxml2argvdata/qemuxml2argv-cpu-numa-disordered.xml

@@ -0,0 +1,26 @@
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>328650</memory>
+  <currentMemory unit='KiB'>328650</currentMemory>
+  <vcpu placement='static'>16</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc'>hvm</type>
+    <boot dev='network'/>
+  </os>
+  <cpu>
+    <topology sockets='2' cores='4' threads='2'/>
+    <numa>
+      <cell id='0' cpus='0-5' memory='109550' unit='KiB'/>
+      <cell id='2' cpus='6-10' memory='109550' unit='KiB'/>
+      <cell id='1' cpus='11-15' memory='109550' unit='KiB'/>
+    </numa>
+  </cpu>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+      <emulator>/usr/bin/qemu</emulator>
+  </devices>
+</domain>

tests/qemuxml2xmloutdata/qemuxml2xmlout-cpu-numa-disordered.xml

@@ -0,0 +1,29 @@
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>328650</memory>
+  <currentMemory unit='KiB'>328650</currentMemory>
+  <vcpu placement='static'>16</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc'>hvm</type>
+    <boot dev='network'/>
+  </os>
+  <cpu>
+    <topology sockets='2' cores='4' threads='2'/>
+    <numa>
+      <cell id='0' cpus='0-5' memory='109550' unit='KiB'/>
+      <cell id='1' cpus='11-15' memory='109550' unit='KiB'/>
+      <cell id='2' cpus='6-10' memory='109550' unit='KiB'/>
+    </numa>
+  </cpu>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <controller type='usb' index='0'/>
+    <controller type='pci' index='0' model='pci-root'/>
+    <memballoon model='virtio'/>
+  </devices>
+</domain>

tests/qemuxml2xmltest.c

@@ -603,6 +603,7 @@ mymain(void)
     DO_TEST_DIFFERENT("cpu-numa1");
     DO_TEST_DIFFERENT("cpu-numa2");
     DO_TEST_DIFFERENT("cpu-numa-no-memory-element");
+    DO_TEST_DIFFERENT("cpu-numa-disordered");
     DO_TEST("cpu-numa-disjoint");
     DO_TEST("cpu-numa-memshared");