From 5443a58d6b033324f191e01d774eeb2cd78c09e0 Mon Sep 17 00:00:00 2001 From: Luyao Huang Date: Tue, 13 Jan 2015 16:41:05 +0800 Subject: [PATCH] conf: fix crash when hotplug a channel chr device with no target MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit https://bugzilla.redhat.com/show_bug.cgi?id=1181408 When we try to hotplug a channel chr device with no target, we will get success (which should fail) in virDomainChrDefParseXML, because we use goto cleanup this place and return an incomplete definition (with no target). In qemuDomainAttachChrDevice, we add it to the domain definition, but fail to remove it from there when chardev-add fails, because virDomainChrRemove matches chardevices according to the target name. The device definition is then freed in qemuDomainAttachDeviceFlags, leaving a stale pointer in the domain definition. Signed-off-by: Luyao Huang Signed-off-by: Ján Tomko (cherry picked from commit fba7173f7236c705344aa84bf9715074abdc6ea7) Signed-off-by: Ján Tomko --- src/conf/domain_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index c23a1f5219..2ea57ac85c 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -8138,7 +8138,7 @@ virDomainChrDefParseXML(xmlXPathContextPtr ctxt, if (!seenTarget && ((def->targetType = virDomainChrDefaultTargetType(def->deviceType)) < 0)) - goto cleanup; + goto error; if (virDomainChrSourceDefParseXML(&def->source, node->children, flags, def, ctxt, vmSeclabels, nvmSeclabels) < 0) -- 2.47.3