qemu: Fix possible infinite loop and segfault on error path.

virDomainVcpuPinDefCopy when the control flow reaches out of memory cleanup code, the flow would end in a infinite loop as the loop variable wasn't decremented. Also a dereference of NULL pointers was possible if allocation of the Vcpu pinning definiton structure failed.
2025-03-20 07:59:00 +00:00 · 2012-08-30 15:31:54 +02:00 · 2012-08-30 15:31:54 +02:00 · 40dfb52517
commit 40dfb52517
parent 46514ff752
1 changed files with 9 additions and 5 deletions
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@ -1496,7 +1496,7 @@ virDomainVcpuPinDefPtr *
 virDomainVcpuPinDefCopy(virDomainVcpuPinDefPtr *src, int nvcpupin)
 {
    int i = 0;
-    virDomainVcpuPinDefPtr *ret;
+    virDomainVcpuPinDefPtr *ret = NULL;

    if (VIR_ALLOC_N(ret, nvcpupin) < 0) {
        goto no_memory;
@ -1514,11 +1514,15 @@ virDomainVcpuPinDefCopy(virDomainVcpuPinDefPtr *src, int nvcpupin)
    return ret;

 no_memory:
-    while (i >= 0) {
-        VIR_FREE(ret[i]->cpumask);
-        VIR_FREE(ret[i]);
+    if (ret) {
+        for ( ; i >= 0; --i) {
+            if (ret[i]) {
+                VIR_FREE(ret[i]->cpumask);
+                VIR_FREE(ret[i]);
+            }
+        }
+        VIR_FREE(ret);
    }
-    VIR_FREE(ret);
    virReportOOMError();

    return NULL;