From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 16 Jul 2013 13:39:06 +0000 (+0200)
Subject: qemu: Fix double free of returned JSON array in qemuAgentGetVCPUs()
X-Git-Tag: CVE-2013-4153^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dfc692350a04a70b4ca65667c30869b3bfdaf034;p=thirdparty%2Flibvirt.git

qemu: Fix double free of returned JSON array in qemuAgentGetVCPUs()

A part of the returned monitor response was freed twice and caused
crashes of the daemon when using guest agent cpu count retrieval.

 # virsh vcpucount dom --guest

Introduced in v1.0.6-48-gc6afcb0
---

diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
index aca5ff3bb0..72bf211cc7 100644
--- a/src/qemu/qemu_agent.c
+++ b/src/qemu/qemu_agent.c
@@ -1529,7 +1529,6 @@ qemuAgentGetVCPUs(qemuAgentPtr mon,
 cleanup:
     virJSONValueFree(cmd);
     virJSONValueFree(reply);
-    virJSONValueFree(data);
     return ret;
 }