qemu: avoid null pointer dereference

This code has had problems historically. As originally written, in commit 6bcf2501 (Jun 08), it could call unlink on a random string, nuking an unrelated file. Then commit 182a80b9 (Sep 09), the code was rewritten to allocate tmp, with both a use-after-free bug and a chance to call unlink(NULL). Commit e206946d (Mar 11) fixed the use-after-free, but not the NULL dereference. Thanks to clang for catching this! * src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Don't call unlink on NULL.

qemu: avoid null pointer dereference
This code has had problems historically. As originally written, in commit 6bcf2501 (Jun 08), it could call unlink on a random string, nuking an unrelated file. Then commit 182a80b9 (Sep 09), the code was rewritten to allocate tmp, with both a use-after-free bug and a chance to call unlink(NULL). Commit e206946d (Mar 11) fixed the use-after-free, but not the NULL dereference. Thanks to clang for catching this! * src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Don't call unlink on NULL.
4d080ee4 · Eric Blake · 4b4e8b57 · 4d080ee4
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

src/qemu/qemu_driver.c src/qemu/qemu_driver.c +2 -1

未找到文件。
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -5355,7 +5355,8 @@ endjob:

 cleanup:
    VIR_FORCE_CLOSE(fd);
-    unlink (tmp);
+    if (tmp)
+        unlink(tmp);
    VIR_FREE(tmp);
    if (vm)
        virDomainObjUnlock(vm);