Avoid invoking the qemu monitor destroy callback if the constructor fails

Some, but not all, codepaths in the qemuMonitorOpen() method
would trigger the destroy callback. The caller does not expect
this to be invoked if construction fails, only during normal
release of the monitor. This resulted in a possible double-unref
of the virDomainObjPtr, because the caller explicitly unrefs
the virDomainObjPtr  if qemuMonitorOpen() fails

* src/qemu/qemu_monitor.c: Don't invoke destroy callback from
  qemuMonitorOpen() failure paths

diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index f428665f22f9f7beb53f5e54e6ec4a7528976b1e..b05032aea609a18a66a5349afb762186e106b13a 100644 (file)
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -198,7 +198,7 @@ void qemuMonitorUnlock(qemuMonitorPtr mon)
 static void qemuMonitorFree(qemuMonitorPtr mon)
 {
     VIR_DEBUG("mon=%p", mon);
-    if (mon->cb->destroy)
+    if (mon->cb && mon->cb->destroy)
         (mon->cb->destroy)(mon, mon->vm);
     if (virCondDestroy(&mon->notify) < 0)
     {}
@@ -671,6 +671,12 @@ qemuMonitorOpen(virDomainObjPtr vm,
     return mon;
 
 cleanup:
+    /* We don't want the 'destroy' callback invoked during
+     * cleanup from construction failure, because that can
+     * give a double-unref on virDomainObjPtr in the caller,
+     * so kill the callbacks now.
+     */
+    mon->cb = NULL;
     qemuMonitorUnlock(mon);
     qemuMonitorClose(mon);
     return NULL;