From: Jiri Denemark Date: Fri, 27 Sep 2013 13:07:38 +0000 (+0200) Subject: qemu: Don't leak reference to virQEMUDriverConfigPtr X-Git-Tag: CVE-2013-4399~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=833cdab6d2ad7521c954948adf3c7d3c3b42ae9f;p=thirdparty%2Flibvirt.git qemu: Don't leak reference to virQEMUDriverConfigPtr https://bugzilla.redhat.com/show_bug.cgi?id=1011330 (case D) qemuProcessStart created two references to virQEMUDriverConfigPtr before calling fork(): cfg = virQEMUDriverGetConfig(driver); ... hookData.cfg = virObjectRef(cfg); However, the child only unreferenced hookData.cfg and the parent only removed the cfg reference. That said, we don't need to increment the reference counter when assigning cfg to hookData. Both the child and the parent will correctly remove the reference on cfg (the child will do that through hookData). Signed-off-by: Jiri Denemark --- diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 2b9bfe3949..d7be7319c3 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -3520,7 +3520,8 @@ int qemuProcessStart(virConnectPtr conn, hookData.conn = conn; hookData.vm = vm; hookData.driver = driver; - hookData.cfg = virObjectRef(cfg); + /* We don't increase cfg's reference counter here. */ + hookData.cfg = cfg; VIR_DEBUG("Beginning VM startup process");
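Review bot: The comment added above the `hookData.cfg = cfg;` assignment says what the code no longer does, but not why that is safe, and the ownership rule is the part a later reader needs. The commit message carries the reasoning: after fork() the child releases the reference through hookData and the parent releases it through cfg. Consider putting that in the comment, for example `/* hookData.cfg borrows cfg's reference: the child drops it via hookData, the parent via cfg. */`. With hookData.cfg now an alias for the single reference held in cfg, it is also worth confirming that no path in the parent unreferences hookData.cfg, because that would release the same reference twice within one process.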