From: Daniel P. Berrangé <berrange@redhat.com>
Date: Fri, 4 Jun 2021 14:59:50 +0000 (+0100)
Subject: ch: set driver to NULL after freeing it
X-Git-Tag: v7.5.0-rc1~174
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b4701fe648e3f3e3648690232c13c87a87a98e83;p=thirdparty%2Flibvirt.git

ch: set driver to NULL after freeing it

If the chStateInitialize method fails, we call chStateCleanup
which free's all global state. It fails to set the global
'ch_driver' to NULL, however, so a later attempt to open the
cloud hypervisor driver will succeed and then crash attempting
to access freed memory.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---

diff --git a/src/ch/ch_driver.c b/src/ch/ch_driver.c
index 7baacd7400..ac958d73a8 100644
--- a/src/ch/ch_driver.c
+++ b/src/ch/ch_driver.c
@@ -827,6 +827,7 @@ static int chStateCleanup(void)
     virObjectUnref(ch_driver->config);
     virMutexDestroy(&ch_driver->lock);
     g_free(ch_driver);
+    ch_driver = NULL;
 
     return 0;
 }