From: Eric Blake Date: Fri, 27 Jan 2012 20:53:11 +0000 (-0700) Subject: qemu: avoid double free of qemu help output X-Git-Tag: v0.9.10-rc1~86 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ab6f1c9814f88e0547a5567176282f501fb138e2;p=thirdparty%2Flibvirt.git qemu: avoid double free of qemu help output If yajl was not compiled in, we end up freeing an incoming parameter, which leads to a bogus free later on. Regression introduced in commit 6e769eb. * src/qemu/qemu_capabilities.c (qemuCapsParseHelpStr): Avoid alloc on failure path, which in turn fixes bogus free. Reported by Cole Robinson. --- diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 6dee9d8326..426637ce48 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -1330,16 +1330,14 @@ int qemuCapsParseHelpStr(const char *qemu, fail: p = strchr(help, '\n'); - if (p) - p = strndup(help, p - help); + if (!p) + p = strchr(help, '\0'); qemuReportError(VIR_ERR_INTERNAL_ERROR, - _("cannot parse %s version number in '%s'"), - qemu, p ? p : help); + _("cannot parse %s version number in '%.*s'"), + qemu, (int) (p - help), help); cleanup: - VIR_FREE(p); - return -1; }
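Review bot: In the fail: block, `p = strchr(help, '\0');` is legal C (the terminating null counts as part of the string searched by strchr) but reads as a typo to many reviewers; consider `p = help + strlen(help);` or a one-line comment stating that p is deliberately pointed at the terminator so that `(int) (p - help)` covers the whole help text when there is no newline. The `%.*s` precision argument is an int, so the `(int)` cast silently truncates a pointer difference larger than INT_MAX; qemu help output will never be that long, but a short comment or a `MIN()` clamp would make the bound explicit. With `VIR_FREE(p)` gone from cleanup:, p no longer owns memory on any path, which is the fix the subject describes; the cleanup: label now only precedes `return -1;`, so the separate label could be dropped if nothing else jumps to it.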