qemu: Fix two issues in qemuDomainSetVcpus error handling

Issue #1 - A call to virBitmapNew did not check if the allocation
failed which could lead to a NULL dereference

Issue #2 - When deleting the pin entries from the config file, the
code loops from the number of elements down to the "new" vcpu count;
however, the pin id values are numbered 0..n-1 not 1..n, so the "first"
pin attempt would never work. Luckily the check was for whether the
incoming 'n' (vcpu id) matched the entry in the array from 0..arraysize
rather than a dereference of the 'n' entry

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index ed6764d548cb4b66d42effe5c459efbda7654cb7..6d9217b13034ca05bd8747c48233878f4a5a5852 100644 (file)
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -4752,7 +4752,11 @@ static int qemuDomainHotplugVcpus(virQEMUDriverPtr driver,
                 if (VIR_ALLOC(vcpupin) < 0)
                     goto cleanup;
 
-                vcpupin->cpumask = virBitmapNew(VIR_DOMAIN_CPUMASK_LEN);
+                if (!(vcpupin->cpumask =
+                      virBitmapNew(VIR_DOMAIN_CPUMASK_LEN))) {
+                    VIR_FREE(vcpupin);
+                    goto cleanup;
+                }
                 virBitmapCopy(vcpupin->cpumask, vm->def->cpumask);
                 vcpupin->id = i;
                 if (VIR_APPEND_ELEMENT_COPY(vm->def->cputune.vcpupin,
@@ -4987,7 +4991,7 @@ qemuDomainSetVcpusFlags(virDomainPtr dom, unsigned int nvcpus,
         if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
             /* remove vcpupin entries for vcpus that were unplugged */
             if (nvcpus < persistentDef->vcpus) {
-                for (i = persistentDef->vcpus; i >= nvcpus; i--)
+                for (i = persistentDef->vcpus - 1; i >= nvcpus; i--)
                     virDomainPinDel(&persistentDef->cputune.vcpupin,
                                     &persistentDef->cputune.nvcpupin,
                                     i);