The virDomainDeviceInfoClear method does not free the struct, only
its contents, so all pointer fields must be explicitly set to NULL
after releasing to avoid risk of double-free.
Reported by coverity:
*** CID 895678: Memory - corruptions (USE_AFTER_FREE)
/src/conf/domain_conf.c: 5926 in virDomainDeviceInfoParseXML()
5920 goto cleanup;
5921
5922
5923 ret = 0;
5924 cleanup:
5925 if (ret < 0)
>>> CID 895678: Memory - corruptions (USE_AFTER_FREE)
>>> Calling "virDomainDeviceInfoClear" frees pointer "info->acpiNodeset" which has already been freed.
5926 virDomainDeviceInfoClear(info);
5927 return ret;
5928 }
5929
5930 static int
5931 virDomainHostdevSubsysUSBDefParseXML(xmlNodePtr node,
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
info->type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE;
VIR_FREE(info->romfile);
VIR_FREE(info->loadparm);
- virBitmapFree(info->acpiNodeset);
+ g_clear_pointer(&info->acpiNodeset, virBitmapFree);
info->isolationGroup = 0;
info->isolationGroupLocked = false;
}
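Review bot: Nothing in the hunk records that virDomainDeviceInfoClear must be safe to call twice on the same `info`, so the next pointer field released with a bare `*Free()` call would reintroduce this double free on the parser's error path. I would add a comment above the release lines, e.g. `/* May run more than once on the same info (parse failure, then owner cleanup): every pointer must be NULL afterwards. */`. The function body starts outside the hunk, so the releases above `info->type = ...` are not visible here; they are worth auditing for any remaining free that leaves the pointer set. Since the Coverity trace puts the second call in the cleanup path of virDomainDeviceInfoParseXML, a test that feeds a device XML failing after `acpiNodeset` is parsed, run under a memory sanitizer, would pin the fix.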