-
由 Osier Yang 提交于
Problem: "parser.head" is not NULL even if it's free'ed by "virJSONValueFree", returning "parser.head" when "virJSONValueFromString" fails will cause unexpected errors (libvirtd will crash sometimes), e.g. In function "qemuMonitorJSONArbitraryCommand": if (!(cmd = virJSONValueFromString(cmd_str))) goto cleanup; if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) goto cleanup; ...... cleanup: virJSONValueFree(cmd); It will continues to send command to monitor even if "virJSONValueFromString" is failed, and more worse, it trys to free "cmd" again. Crash example: {"error":{"class":"QMPBadInputObject","desc":"Expected 'execute' in QMP input","data":{"expected":"execute"}}} {"error":{"class":"QMPBadInputObject","desc":"Expected 'execute' in QMP input","data":{"expected":"execute"}}} error: server closed connection: error: unable to connect to '/var/run/libvirt/libvirt-sock', libvirtd may need to be started: Connection refused error: failed to connect to the hypervisor This fix is to: 1) return NULL for failure of "virJSONValueFromString", 2) and it seems "virJSONValueFree" uses incorrect loop index for type of "VIR_JSON_TYPE_OBJECT", fix it together. * src/util/json.c93e8b877