vbox: fix SEGV during dumpxml of a serial port

commit 77a12987 changed the "virDomainChrSourceDef source" inside virDomainChrDef to "virDomainChrSourceDefPtr source", and started allocating source inside virDomainChrDefNew(), but vboxDumpSerial() was allocating a virDomainChrDef with a simple VIR_ALLOC() (i.e. never calling virDomainChrDefNew()), so source was never initialized, leading to a SEGV any time a serial port was present. The same problem was created in vboxDumpParallel(). This patch changes vboxDumpSerial() and vboxDumpParallel() to use virDomainChrDefNew() instead of VIR_ALLOC(), and changes both of those functions to return an error if virDomainChrDef() (or any other allocation) fails. This resolves: https://bugzilla.redhat.com/1536649 (cherry picked from commit 9c27e464)

vbox: fix SEGV during dumpxml of a serial port
commit 77a12987 changed the "virDomainChrSourceDef source" inside virDomainChrDef to "virDomainChrSourceDefPtr source", and started allocating source inside virDomainChrDefNew(), but vboxDumpSerial() was allocating a virDomainChrDef with a simple VIR_ALLOC() (i.e. never calling virDomainChrDefNew()), so source was never initialized, leading to a SEGV any time a serial port was present. The same problem was created in vboxDumpParallel(). This patch changes vboxDumpSerial() and vboxDumpParallel() to use virDomainChrDefNew() instead of VIR_ALLOC(), and changes both of those functions to return an error if virDomainChrDef() (or any other allocation) fails. This resolves: https://bugzilla.redhat.com/1536649 (cherry picked from commit 9c27e464)
96af3e36 · Laine Stump · 9e6bc47b · 96af3e36
隐藏空白更改
内联并排

Showing with 31 addition and 12 deletion

src/vbox/vbox_common.c src/vbox/vbox_common.c +31 -12

未找到文件。
--- a/src/vbox/vbox_common.c
+++ b/src/vbox/vbox_common.c
@@ -3614,7 +3614,7 @@ vboxDumpAudio(virDomainDefPtr def, vboxDriverPtr data ATTRIBUTE_UNUSED,
    }
 }
-static void
+static int
 vboxDumpSerial(virDomainDefPtr def, vboxDriverPtr data, IMachine *machine, PRUint32 serialPortCount)
 {
    PRUint32 serialPortIncCount = 0;
@@ -3638,9 +3638,15 @@ vboxDumpSerial(virDomainDefPtr def, vboxDriverPtr data, IMachine *machine, PRUin
    }
    /* Allocate memory for the serial ports which are enabled */
-    if ((def->nserials > 0) && (VIR_ALLOC_N(def->serials, def->nserials) >= 0)) {
+    if (def->nserials > 0) {
-        for (i = 0; i < def->nserials; i++)
+        if (VIR_ALLOC_N(def->serials, def->nserials) < 0)
-            ignore_value(VIR_ALLOC(def->serials[i]));
+            return -1;
+        for (i = 0; i < def->nserials; i++) {
+            def->serials[i] = virDomainChrDefNew(NULL);
+            if (!def->serials[i])
+                return -1;
+        }
    }
    /* Now get the details about the serial ports here */
@@ -3688,7 +3694,8 @@ vboxDumpSerial(virDomainDefPtr def, vboxDriverPtr data, IMachine *machine, PRUin
                if (pathUtf16) {
                    VBOX_UTF16_TO_UTF8(pathUtf16, &path);
-                    ignore_value(VIR_STRDUP(def->serials[serialPortIncCount]->source->data.file.path, path));
+                    if (VIR_STRDUP(def->serials[serialPortIncCount]->source->data.file.path, path) < 0)
+                        return -1;
                }
                serialPortIncCount++;
@@ -3700,9 +3707,10 @@ vboxDumpSerial(virDomainDefPtr def, vboxDriverPtr data, IMachine *machine, PRUin
            VBOX_RELEASE(serialPort);
        }
    }
+    return 0;
 }
-static void
+static int
 vboxDumpParallel(virDomainDefPtr def, vboxDriverPtr data, IMachine *machine, PRUint32 parallelPortCount)
 {
    PRUint32 parallelPortIncCount = 0;
@@ -3726,9 +3734,15 @@ vboxDumpParallel(virDomainDefPtr def, vboxDriverPtr data, IMachine *machine, PRU
    }
    /* Allocate memory for the parallel ports which are enabled */
-    if ((def->nparallels > 0) && (VIR_ALLOC_N(def->parallels, def->nparallels) >= 0)) {
+    if (def->nparallels > 0) {
-        for (i = 0; i < def->nparallels; i++)
+        if (VIR_ALLOC_N(def->parallels, def->nparallels) < 0)
-            ignore_value(VIR_ALLOC(def->parallels[i]));
+            return -1;
+        for (i = 0; i < def->nparallels; i++) {
+            def->parallels[i] = virDomainChrDefNew(NULL);
+            if (!def->parallels[i])
+                return -1;
+        }
    }
    /* Now get the details about the parallel ports here */
@@ -3763,7 +3777,8 @@ vboxDumpParallel(virDomainDefPtr def, vboxDriverPtr data, IMachine *machine, PRU
                gVBoxAPI.UIParallelPort.GetPath(parallelPort, &pathUtf16);
                VBOX_UTF16_TO_UTF8(pathUtf16, &path);
-                ignore_value(VIR_STRDUP(def->parallels[parallelPortIncCount]->source->data.file.path, path));
+                if (VIR_STRDUP(def->parallels[parallelPortIncCount]->source->data.file.path, path) < 0)
+                    return -1;
                parallelPortIncCount++;
@@ -3774,6 +3789,7 @@ vboxDumpParallel(virDomainDefPtr def, vboxDriverPtr data, IMachine *machine, PRU
            VBOX_RELEASE(parallelPort);
        }
    }
+    return 0;
 }
 static char *vboxDomainGetXMLDesc(virDomainPtr dom, unsigned int flags)
@@ -3912,8 +3928,11 @@ static char *vboxDomainGetXMLDesc(virDomainPtr dom, unsigned int flags)
    vboxDumpSharedFolders(def, data, machine);
    vboxDumpNetwork(def, data, machine, networkAdapterCount);
    vboxDumpAudio(def, data, machine);
-    vboxDumpSerial(def, data, machine, serialPortCount);
-    vboxDumpParallel(def, data, machine, parallelPortCount);
+    if (vboxDumpSerial(def, data, machine, serialPortCount) < 0)
+        goto cleanup;
+    if (vboxDumpParallel(def, data, machine, parallelPortCount) < 0)
+        goto cleanup;
    /* dump USB devices/filters if active */
    vboxHostDeviceGetXMLDesc(data, def, machine);