From 7afc0388b824c928a3b017ceb44615c54abe4ab5 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Daniel=20P=2E=20Berrang=C3=A9?=
Date: Tue, 9 Sep 2025 10:26:20 +0100
Subject: [PATCH] conf: clear the acpiNodeset field after freeing
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The virDomainDeviceInfoClear method does not free the struct, only its contents, so all pointer fields must be explicitly set to NULL after releasing to avoid disk of double-free. Reported by coverity: *** CID 895678: Memory - corruptions (USE_AFTER_FREE) /src/conf/domain_conf.c: 5926 in virDomainDeviceInfoParseXML() 5920 goto cleanup; 5921 5922 5923 ret = 0; 5924 cleanup: 5925 if (ret < 0) >>> CID 895678: Memory - corruptions (USE_AFTER_FREE) >>> Calling "virDomainDeviceInfoClear" frees pointer "info->acpiNodeset" which has already been freed. 5926 virDomainDeviceInfoClear(info); 5927 return ret; 5928 } 5929 5930 static int 5931 virDomainHostdevSubsysUSBDefParseXML(xmlNodePtr node,

Reviewed-by: Peter Krempa
Signed-off-by: Daniel P. Berrangé
---
 src/conf/device_conf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/conf/device_conf.c b/src/conf/device_conf.c
index d08de68717..c278b81652 100644
--- a/src/conf/device_conf.c
+++ b/src/conf/device_conf.c
@@ -137,7 +137,7 @@ virDomainDeviceInfoClear(virDomainDeviceInfo *info)
 info->type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE;
 VIR_FREE(info->romfile);
 VIR_FREE(info->loadparm);
- virBitmapFree(info->acpiNodeset);
+ g_clear_pointer(&info->acpiNodeset, virBitmapFree);
 info->isolationGroup = 0;
 info->isolationGroupLocked = false;
 }
-- 
2.47.3
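Review bot: The contract that makes this fix necessary — virDomainDeviceInfoClear is called on a struct that stays live and may be cleared again, so every pointer member must be left NULL rather than dangling — is recorded only in the commit message, while the function body gives no hint of it; the next field added with a bare `xxxFree(info->field)` will reintroduce the same double-free. I would add a comment above the function, e.g. `/* Releases the contents of @info without freeing the struct itself. Callers may clear the same struct more than once (e.g. the error path of virDomainDeviceInfoParseXML), so every pointer member must be reset to NULL here, not merely freed. */`. The signature of virDomainDeviceInfoClear is outside the hunk, so the comment belongs just before line 137's enclosing definition. If VIR_FREE already NULLs its argument the way g_clear_pointer does, the romfile and loadparm lines above the change already follow this rule and acpiNodeset was the lone exception; that is an inference from the macro name and worth confirming against its definition.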