qemu: domain: Fix potential NULL deref when parsing job private data

A specially crafted XML which would reference a non-existing disk but request the mirror to be registered with the blockjob could potentially make the parser dereference NULL. Fix it by moving the code slightly and just treat it as a wrong job XML. Found by Coverity. Reported-by: N John Ferlan <jferlan@redhat.com> Signed-off-by: N Peter Krempa <pkrempa@redhat.com> Reviewed-by: N Erik Skultety <eskultet@redhat.com> Reviewed-by: N John Ferlan <jferlan@redhat.com>

qemu: domain: Fix potential NULL deref when parsing job private data
A specially crafted XML which would reference a non-existing disk but request the mirror to be registered with the blockjob could potentially make the parser dereference NULL. Fix it by moving the code slightly and just treat it as a wrong job XML. Found by Coverity. Reported-by: N John Ferlan <jferlan@redhat.com> Signed-off-by: N Peter Krempa <pkrempa@redhat.com> Reviewed-by: N Erik Skultety <eskultet@redhat.com> Reviewed-by: N John Ferlan <jferlan@redhat.com>
ed7e342b · Peter Krempa · dfd33c1f · ed7e342b
隐藏空白更改
内联并排

Showing with 7 addition and 3 deletion

src/qemu/qemu_domain.c src/qemu/qemu_domain.c +7 -3

未找到文件。
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -3012,15 +3012,19 @@ qemuDomainObjPrivateXMLParseBlockjobData(virDomainObjPtr vm,
            invalidData = true;
    }

+    if (mirror) {
+        if (disk)
+            job->mirrorChain = virObjectRef(disk->mirror);
+        else
+            invalidData = true;
+    }
+
    job->state = state;
    job->newstate = newstate;
    job->errmsg = virXPathString("string(./errmsg)", ctxt);
    job->invalidData = invalidData;
    job->disk = disk;

-    if (mirror)
-        job->mirrorChain = virObjectRef(job->disk->mirror);
-
    qemuDomainObjPrivateXMLParseBlockjobDataSpecific(job, ctxt, xmlopt);

    if (qemuBlockJobRegister(job, vm, disk, false) < 0)