From a7c016e4cb494a55650dafee187f3438f80eeed4 Mon Sep 17 00:00:00 2001 From: Michal Privoznik Date: Fri, 28 Jan 2022 20:37:42 +0100 Subject: [PATCH] virpcivpdtest: Fix potential double-free() Inside the testPCIVPDResourceCustomCompareIndex() function we have two variables @a and @b, both marked as g_autoptr(). Then, towards the end of the function b->value is freed and set to a->value. This is to make sure virPCIVPDResourceCustomCompareIndex() works correctly even if ->value member is the same for both arguments. Nevertheless, if the function returns anything else than 0 then the control executes subsequent return statement and since b->value points to the very same string as a->value a double free will occur. Avoid this by setting b->value to NULL explicitly, just like we are already doing for the successful path. Signed-off-by: Michal Privoznik Reviewed-by: Erik Skultety --- tests/virpcivpdtest.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/virpcivpdtest.c b/tests/virpcivpdtest.c index a6bf46b103..a5f4abae6f 100644 --- a/tests/virpcivpdtest.c +++ b/tests/virpcivpdtest.c @@ -229,8 +229,10 @@ testPCIVPDResourceCustomCompareIndex(const void *data G_GNUC_UNUSED) /* Different index, same value pointers */ g_free(b->value); b->value = a->value; - if (virPCIVPDResourceCustomCompareIndex(b, a)) + if (virPCIVPDResourceCustomCompareIndex(b, a)) { + b->value = NULL; return -1; + } b->value = NULL;
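Review bot: The reset `b->value = NULL;` now appears twice, once inside the new error branch of the `if (virPCIVPDResourceCustomCompareIndex(b, a))` check and once immediately after it, so every exit path still has to clear the alias by hand before the g_autoptr() cleanup of @a and @b runs. Consider capturing the result in a local first, for example `rc = virPCIVPDResourceCustomCompareIndex(b, a);`, then a single `b->value = NULL;`, then `if (rc) return -1;`. With that shape, a return added later between the aliasing assignment and the reset cannot reintroduce the double free. A one-line comment at `b->value = a->value;` noting that the pointer is borrowed and must be cleared before any return would also document the invariant for the next person touching this test.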