From 6768b210335e9c0c7d97bb96ad2ff69a276236a3 Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Mon, 10 Mar 2014 18:47:19 -0400
Subject: [PATCH] BZ1072677: Avoid freeing of 0 file descriptor

Avoid the freeing of an array of zero file descriptors in case of error. Initialize the array to -1 using memset.

Signed-off-by: Stefan Berger
---
 src/qemu/qemu_hotplug.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index dd72a794e3..6ff2489d2f 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -874,9 +874,12 @@ int qemuDomainAttachNetDevice(virConnectPtr conn,
 tapfdSize = vhostfdSize = net->driver.virtio.queues;
 if (!tapfdSize)
 tapfdSize = vhostfdSize = 1;
- if (VIR_ALLOC_N(tapfd, tapfdSize) < 0 ||
- VIR_ALLOC_N(vhostfd, vhostfdSize) < 0)
+ if (VIR_ALLOC_N(tapfd, tapfdSize) < 0)
 goto cleanup;
+ memset(tapfd, -1, sizeof(*tapfd) * tapfdSize);
+ if (VIR_ALLOC_N(vhostfd, vhostfdSize) < 0)
+ goto cleanup;
+ memset(vhostfd, -1, sizeof(*vhostfd) * vhostfdSize);
 if (qemuNetworkIfaceConnect(vm->def, conn, driver, net, priv->qemuCaps, tapfd, &tapfdSize) < 0)
 goto cleanup;
@@ -885,8 +888,12 @@ int qemuDomainAttachNetDevice(virConnectPtr conn,
 goto cleanup;
 } else if (actualType == VIR_DOMAIN_NET_TYPE_DIRECT) {
 tapfdSize = vhostfdSize = 1;
- if (VIR_ALLOC(tapfd) < 0 || VIR_ALLOC(vhostfd) < 0)
+ if (VIR_ALLOC(tapfd) < 0)
 goto cleanup;
+ *tapfd = -1;
+ if (VIR_ALLOC(vhostfd) < 0)
+ goto cleanup;
+ *vhostfd = -1;
 if ((tapfd[0] = qemuPhysIfaceConnect(vm->def, driver, net, priv->qemuCaps, VIR_NETDEV_VPORT_PROFILE_OP_CREATE)) < 0)
@@ -898,6 +905,7 @@ int qemuDomainAttachNetDevice(virConnectPtr conn,
 vhostfdSize = 1;
 if (VIR_ALLOC(vhostfd) < 0)
 goto cleanup;
+ *vhostfd = -1;
 if (qemuOpenVhostNet(vm->def, net, priv->qemuCaps, vhostfd, &vhostfdSize) < 0)
 goto cleanup;
 }
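Review bot: The sentinel fill added in the first hunk, `memset(tapfd, -1, sizeof(*tapfd) * tapfdSize);` and the matching vhostfd line, is undocumented and rests on two assumptions the hunk does not show. One is that an all-0xFF byte fill reads back as -1 in each element (true for int descriptors on two's-complement targets; the element type is presumably int). The other is that the `cleanup` label, which lies outside this hunk, skips negative entries rather than closing them. A short comment above the first memset would record the intent, for example `/* -1 marks "not opened" so cleanup never closes fd 0 by mistake */`. The same applies to `*tapfd = -1;` and `*vhostfd = -1;` in the two later hunks.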
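Review bot: In the VIR_DOMAIN_NET_TYPE_DIRECT branch the new `*tapfd = -1;` sits just above the existing `tapfd[0] = qemuPhysIfaceConnect(...)`, so the same one-element array is written with two different notations. Writing `tapfd[0] = -1;` and `vhostfd[0] = -1;` would match the indexing already used here and keep it visible that these are descriptor arrays of length one. The enclosing function starts and ends outside the hunk.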