From: Daniel P. Berrange <berrange@redhat.com>
Date: Mon, 23 Sep 2013 13:10:35 +0000 (+0100)
Subject: Fix crash on OOM in qemuDomainCCWAddressSetCreate()
X-Git-Tag: v1.1.3-rc1~68
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ba19783d9bd2e1d2e1c517b2bcb231c0a85aed54;p=thirdparty%2Flibvirt.git

Fix crash on OOM in qemuDomainCCWAddressSetCreate()

If OOM occurs in qemuDomainCCWAddressSetCreate, it jumps to
a cleanup block and frees the partially initialized object.
It then mistakenly returns the address of the just free'd
pointer instead of NULL.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index e6239c993c..e98aed5601 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1261,10 +1261,10 @@ qemuDomainCCWAddressSetCreate(void)
      qemuDomainCCWAddressSetPtr addrs = NULL;
 
     if (VIR_ALLOC(addrs) < 0)
-        goto cleanup;
+        goto error;
 
     if (!(addrs->defined = virHashCreate(10, qemuDomainCCWAddressSetFreeEntry)))
-        goto cleanup;
+        goto error;
 
     /* must use cssid = 0xfe (254) for virtio-ccw devices */
     addrs->next.cssid = 254;
@@ -1273,9 +1273,9 @@ qemuDomainCCWAddressSetCreate(void)
     addrs->next.assigned = 0;
     return addrs;
 
-cleanup:
+error:
     qemuDomainCCWAddressSetFree(addrs);
-    return addrs;
+    return NULL;
 }
 
 /*