From 086e2072fda0d0724d10af3ec68ef41f5038e0d0 Mon Sep 17 00:00:00 2001
From: Peter Krempa
Date: Thu, 31 Jul 2025 14:14:05 +0200
Subject: [PATCH] virCHDomainRefreshThreadInfo: Don't trust vcpu ID returned by hypervisor
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
The hypervisor may return an index out of range of current vCPUs defined in the domain which would cause a NULL dereference. Validate that the vCPU struct with ID fetched from hypervisor exists before dereferencing it.
Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
---
 src/ch/ch_domain.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/ch/ch_domain.c b/src/ch/ch_domain.c
index 7231fdc49f..85bd99e1e9 100644
--- a/src/ch/ch_domain.c
+++ b/src/ch/ch_domain.c
@@ -276,10 +276,15 @@ virCHDomainRefreshThreadInfo(virDomainObj *vm)
 /* TODO: hotplug support */
 vcpuInfo = &info[i].vcpuInfo;
- vcpu = virDomainDefGetVcpu(vm->def, vcpuInfo->cpuid);
- vcpupriv = CH_DOMAIN_VCPU_PRIVATE(vcpu);
- vcpupriv->tid = vcpuInfo->tid;
- ncpus++;
+
+ if ((vcpu = virDomainDefGetVcpu(vm->def, vcpuInfo->cpuid))) {
+ vcpupriv = CH_DOMAIN_VCPU_PRIVATE(vcpu);
+ vcpupriv->tid = vcpuInfo->tid;
+ ncpus++;
+ } else {
+ VIR_WARN("vcpu '%d' reported by hypervisor but not found in definition",
+ vcpuInfo->cpuid);
+ }
 }
 /* TODO: Remove the warning when hotplug is implemented.*/
--
2.47.3
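Review bot: The warning in the new `else` branch records the rejected vCPU ID but not the domain, so the log does not show which guest's hypervisor process reported an ID that is absent from the definition; consider `VIR_WARN("vcpu '%d' reported by hypervisor for domain '%s' but not found in definition", vcpuInfo->cpuid, vm->def->name);`. The `'%d'` conversion assumes `cpuid` is a signed int, and its declaration is outside the hunk, so the specifier should be checked against the field type. The lookup only rejects IDs with no vCPU struct: a valid ID reported twice would still overwrite `tid` and bump `ncpus` twice, which may skew the `ncpus` check that appears to follow the loop. The body of virCHDomainRefreshThreadInfo starts and ends outside this hunk.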