From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 16 Jul 2013 13:39:06 +0000 (+0200)
Subject: qemu: Fix double free of returned JSON array in qemuAgentGetVCPUs()
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cafcec2f5b0c9ff1dc573d798933ae453a15fa29;p=thirdparty%2Flibvirt.git

qemu: Fix double free of returned JSON array in qemuAgentGetVCPUs()

CVE-2013-4153

A part of the returned monitor response was freed twice and caused
crashes of the daemon when using guest agent cpu count retrieval.

 # virsh vcpucount dom --guest

Introduced in v1.0.6-48-gc6afcb0

(cherry picked from commit dfc692350a04a70b4ca65667c30869b3bfdaf034)
---

diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
index 9914521443..d6be677d40 100644
--- a/src/qemu/qemu_agent.c
+++ b/src/qemu/qemu_agent.c
@@ -1538,7 +1538,6 @@ qemuAgentGetVCPUs(qemuAgentPtr mon,
 cleanup:
     virJSONValueFree(cmd);
     virJSONValueFree(reply);
-    virJSONValueFree(data);
     return ret;
 }