qemu: Avoid crash in qemuDiskGetActualType

Libvirtd would crash if a domain contained an empty cdrom drive of
type='volume' as the disk def->srcpool member would be dereferenced. Fix
it by checking if the source pool is present before dereferencing it.

Also alter tests to catch this issue in the future.

Reported by: Kevin Shanahan
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1056328

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 43787910cf84582ccc1e51bf639673cf16b6cb25..ac53f6df651350453f761efed98764bb69294a35 100644 (file)
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -1302,7 +1302,7 @@ cleanup:
 int
 qemuDiskGetActualType(virDomainDiskDefPtr def)
 {
-    if (def->type == VIR_DOMAIN_DISK_TYPE_VOLUME)
+    if (def->type == VIR_DOMAIN_DISK_TYPE_VOLUME && def->srcpool)
         return def->srcpool->actualtype;
 
     return def->type;

diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args
index da87ad926c8528d7da3d78874bde62e71428b5d7..6b409b7a95534c0c3cbea4979fadda5f3113a4f2 100644 (file)
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args
@@ -3,6 +3,8 @@ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -drive \
 file=/some/block/device/cdrom,if=none,media=cdrom,id=drive-ide0-0-1 -device \
 ide-drive,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1 -drive \
+if=none,media=cdrom,id=drive-ide0-1-0 -device \
+ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive \
 file=/tmp/idedisk.img,if=none,id=drive-ide0-0-2 -device \
 ide-drive,bus=ide.0,unit=2,drive=drive-ide0-0-2,id=ide0-0-2 -device \
 virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4

diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
index 6ca5cf76ed186f8275e50236c1ae3a3b47068d4e..e96f76eae847da92cb70213c16e05fec3e4ff0ab 100644 (file)
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml
@@ -24,6 +24,12 @@
       <readonly/>
       <address type='drive' controller='0' bus='0' target='0' unit='1'/>
     </disk>
+    <disk type='volume' device='cdrom'>
+      <driver name='qemu' type='raw'/>
+      <target dev='hdc' bus='ide'/>
+      <readonly/>
+      <address type='drive' controller='0' bus='1' target='0' unit='0'/>
+    </disk>
     <disk type='file' device='disk'>
       <source file='/tmp/idedisk.img'/>
       <target dev='hdc' bus='ide'/>