From 5f5a5a42e5146336430b9284539d4bff3e8bb598 Mon Sep 17 00:00:00 2001
From: Michal Privoznik
Date: Thu, 4 Aug 2016 16:44:01 +0200
Subject: [PATCH] lxcDomainCreateXMLWithFiles: Avoid crash

https://bugzilla.redhat.com/show_bug.cgi?id=1363773

Imagine that you're creating a transient domain, but for some reason, starting it fails. That is virLXCProcessStart() returns an error. With current code, in the error handling code the domain object is removed from the domain object list, @vm is set to NULL and controls jump to enjob label where virLXCDomainObjEndJob() is called which dereference vm leading to instant crash. The fix is to end the job in the error handling code and only after that remove the domain from the list and jump onto cleanup label instead of endjob.

Signed-off-by: Michal Privoznik
---
 src/lxc/lxc_driver.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 2e6788af09..da98b38651 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1263,11 +1263,12 @@ lxcDomainCreateXMLWithFiles(virConnectPtr conn,
 (flags & VIR_DOMAIN_START_AUTODESTROY),
 VIR_DOMAIN_RUNNING_BOOTED) < 0) {
 virDomainAuditStart(vm, "booted", false);
+ virLXCDomainObjEndJob(driver, vm);
 if (!vm->persistent) {
 virDomainObjListRemove(driver->domains, vm);
 vm = NULL;
 }
- goto endjob;
+ goto cleanup;
 }

 event = virDomainEventLifecycleNewFromObj(vm,
@@ -1279,7 +1280,6 @@ lxcDomainCreateXMLWithFiles(virConnectPtr conn,
 if (dom)
 dom->id = vm->def->id;

- endjob:
 virLXCDomainObjEndJob(driver, vm);

 cleanup:
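Review bot: The statement order in the virLXCProcessStart() failure branch is now load-bearing, but nothing in the code records why. `virLXCDomainObjEndJob(driver, vm)` must run before `virDomainObjListRemove()`, because `vm` is set to NULL for a transient domain and the old shared `endjob` exit dereferenced it. I would add a comment above the new call, for example `/* End the job while vm is still valid; a transient domain is removed and vm set to NULL below. */`, so a later refactor does not route this path back through a common exit label. The `cleanup:` block lies outside the hunk, as does the start of lxcDomainCreateXMLWithFiles, so please confirm that cleanup tolerates `vm == NULL`, which this branch now hands it for every non-persistent domain. Going by the commit message, a failed start was enough to crash the process, so a regression test covering the failed start of a transient domain would be worth adding with this fix.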