mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-22 12:35:17 +00:00
qemu: Fix some issues in virQEMUDriverConfigLoadNVRAMEntry
Commit c4f4e195 fixed a double free, but if the code returns before we realloc the list and virFirmwareFreeList was called with cfg->nfirmwares > 0 (e.g. during virQEMUDriverConfigDispose), then it would be rather disastrous. So let's reinitialize that too to indicate the list is empty. Coverity pointed out that using nvram[0] as a guard to reallocating the list could lead to a possible NULL deref. While nvram[0] may always be true in this case, if it wasn't then the subsequent for loop would fail. Just reallocate always regardless - even if nfirmwares == 0 as virFirmwareFreeList will free it for us anyway. Signed-off-by: John Ferlan <jferlan@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Signed-off-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
John Ferlan
Ján Tomko
parent
6f0418173b
commit
3cb833fef0
@ -835,6 +835,7 @@ virQEMUDriverConfigLoadNVRAMEntry(virQEMUDriverConfigPtr cfg,
|
||||
|
||||
virFirmwareFreeList(cfg->firmwares, cfg->nfirmwares);
|
||||
cfg->firmwares = NULL;
|
||||
cfg->nfirmwares = 0;
|
||||
|
||||
if (qemuFirmwareFetchConfigs(&fwList, privileged) < 0)
|
||||
return -1;
|
||||
@ -843,13 +844,11 @@ virQEMUDriverConfigLoadNVRAMEntry(virQEMUDriverConfigPtr cfg,
|
||||
VIR_WARN("Obsolete nvram variable is set while firmware metadata "
|
||||
"files found. Note that the nvram config file variable is "
|
||||
"going to be ignored.");
|
||||
cfg->nfirmwares = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
cfg->nfirmwares = virStringListLength((const char *const *)nvram);
|
||||
if (nvram[0])
|
||||
cfg->firmwares = g_new0(virFirmwarePtr, cfg->nfirmwares);
|
||||
cfg->firmwares = g_new0(virFirmwarePtr, cfg->nfirmwares);
|
||||
|
||||
for (i = 0; nvram[i] != NULL; i++) {
|
||||
cfg->firmwares[i] = g_new0(virFirmware, 1);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user