External/libvirt
1
0
Fork 0
Code

qemu: Fix possible infinite loop and segfault on error path.

Browse Source 
virDomainVcpuPinDefCopy when the control flow reaches out of memory
cleanup code, the flow would end in a infinite loop as the loop variable
wasn't decremented.

Also a dereference of NULL pointers was possible if allocation of the
Vcpu pinning definiton structure failed.
This commit is contained in:
Peter Krempa 2012-08-30 15:31:54 +02:00
parent 46514ff752
commit 40dfb52517
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/conf/domain_conf.c
View File

@ -1496,7 +1496,7 @@ virDomainVcpuPinDefPtr *
virDomainVcpuPinDefCopy(virDomainVcpuPinDefPtr *src, int nvcpupin)
{
int i = 0;
virDomainVcpuPinDefPtr *ret;
virDomainVcpuPinDefPtr *ret = NULL;
if (VIR_ALLOC_N(ret, nvcpupin) < 0) {
goto no_memory;
@ -1514,11 +1514,15 @@ virDomainVcpuPinDefCopy(virDomainVcpuPinDefPtr *src, int nvcpupin)
return ret;
no_memory:
while (i >= 0) {
VIR_FREE(ret[i]->cpumask);
VIR_FREE(ret[i]);
if (ret) {
for ( ; i >= 0; --i) {
if (ret[i]) {
VIR_FREE(ret[i]->cpumask);
VIR_FREE(ret[i]);
}
}
VIR_FREE(ret);
}
VIR_FREE(ret);
virReportOOMError();
return NULL;