From: Peter Krempa Date: Thu, 31 Jul 2025 12:14:05 +0000 (+0200) Subject: virCHDomainRefreshThreadInfo: Don't trust vcpu ID returned by hypervisor X-Git-Tag: v11.7.0-rc1~37 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=086e2072fda0d0724d10af3ec68ef41f5038e0d0;p=thirdparty%2Flibvirt.git virCHDomainRefreshThreadInfo: Don't trust vcpu ID returned by hypervisor The hypervisor may return an index out of range of current vCPUs defined in the domain which would cause a NULL dereference. Validate that the vCPU struct with ID fetched from hypervisor exists before dereferencing it. Signed-off-by: Peter Krempa Reviewed-by: Ján Tomko --- diff --git a/src/ch/ch_domain.c b/src/ch/ch_domain.c index 7231fdc49f..85bd99e1e9 100644 --- a/src/ch/ch_domain.c +++ b/src/ch/ch_domain.c @@ -276,10 +276,15 @@ virCHDomainRefreshThreadInfo(virDomainObj *vm) /* TODO: hotplug support */ vcpuInfo = &info[i].vcpuInfo; - vcpu = virDomainDefGetVcpu(vm->def, vcpuInfo->cpuid); - vcpupriv = CH_DOMAIN_VCPU_PRIVATE(vcpu); - vcpupriv->tid = vcpuInfo->tid; - ncpus++; + + if ((vcpu = virDomainDefGetVcpu(vm->def, vcpuInfo->cpuid))) { + vcpupriv = CH_DOMAIN_VCPU_PRIVATE(vcpu); + vcpupriv->tid = vcpuInfo->tid; + ncpus++; + } else { + VIR_WARN("vcpu '%d' reported by hypervisor but not found in definition", + vcpuInfo->cpuid); + } } /* TODO: Remove the warning when hotplug is implemented.*/
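Review bot: In the new else branch the out-of-range entry is only logged with VIR_WARN and the loop carries on, so a caller of virCHDomainRefreshThreadInfo cannot tell that the hypervisor reported a vCPU ID that is not in the definition. The NULL check itself is right, but a short comment saying why skipping is safe here would help. ncpus is deliberately not incremented for the skipped entry, and whatever consumes ncpus after the loop is outside this hunk. If an inconsistent report should fail the refresh, return an error instead of warning. Separately, confirm that the '%d' in the VIR_WARN format matches the declared type of vcpuInfo->cpuid. The value is untrusted, and if the field is unsigned a large ID would be printed as a negative number, which makes the log line harder to correlate with what the hypervisor sent.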