From: Jim Fehlig <jfehlig@suse.com>
Date: Thu, 24 Sep 2020 16:39:13 +0000 (-0600)
Subject: libxl: Don't free def member of virDomainObj
X-Git-Tag: v6.8.0-rc2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=709c0e7616c56fe44dfd9bccc1df4d8506e334b7;p=thirdparty%2Flibvirt.git

libxl: Don't free def member of virDomainObj

The refactoring in commit de49d5bad3 accidentally dropped the statement
setting def to NULL after successfully adding it to the virDomainObjList,
causing it to be freed while still in use. The resulting memory
corruption caused unpredictable behavior, often resulting in a libvirtd
crash.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Neal Gompa <ngompa13@gmail.com>
---

diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
index 083738871d..571b70f982 100644
--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -627,6 +627,7 @@ libxlAddDom0(libxlDriverPrivatePtr driver)
                                        NULL)))
             goto cleanup;
 
+        def = NULL;
         vm->persistent = 1;
         virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, VIR_DOMAIN_RUNNING_BOOTED);
     }