From: Michal Privoznik
Date: Wed, 13 Jan 2016 10:17:24 +0000 (+0100)
Subject: qemuProcessCleanupChardevDevice: Don't unlink NULL paths
X-Git-Tag: v1.3.1-rc2~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e988ba94aa5e2db450bd11585101cd93795eb116;p=thirdparty%2Flibvirt.git

qemuProcessCleanupChardevDevice: Don't unlink NULL paths

So, you try to start a domain, but before we even get to the part
where chardev part of qemu command line is generated (and
possibly missing path to unix sockets is made up) an error occurs
which results in calling qemuProcessStop. This will then try to
clean up the mess and possibly end up calling unlink(NULL).

==8085== Thread 3:
==8085== Syscall param unlink(pathname) points to unaddressable byte(s)
==8085==    at 0xA85EA57: unlink (in /lib64/libc-2.21.so)
==8085==    by 0x213D3C24: qemuProcessCleanupChardevDevice (qemu_process.c:2866)
==8085==    by 0x558D6B1: virDomainChrDefForeach (domain_conf.c:22924)
==8085==    by 0x213DA9AE: qemuProcessStop (qemu_process.c:5326)
==8085==    by 0x213DA2F2: qemuProcessStart (qemu_process.c:5190)
==8085==    by 0x2142957F: qemuDomainObjStart (qemu_driver.c:7396)
==8085==    by 0x214297DB: qemuDomainCreateWithFlags (qemu_driver.c:7450)
==8085==    by 0x21429842: qemuDomainCreate (qemu_driver.c:7468)
==8085==    by 0x5611B95: virDomainCreate (libvirt-domain.c:6753)
==8085==    by 0x125D9A: remoteDispatchDomainCreate (remote_dispatch.h:3613)
==8085==    by 0x125CB7: remoteDispatchDomainCreateHelper (remote_dispatch.h:3589)
==8085==    by 0x568BF41: virNetServerProgramDispatchCall (virnetserverprogram.c:437)
==8085==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==8085==

Signed-off-by: Michal Privoznik
---

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 3d9e0e580c..f083f3f329 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c
@@ -2862,7 +2862,8 @@ qemuProcessCleanupChardevDevice(virDomainDefPtr def ATTRIBUTE_UNUSED, void *opaque ATTRIBUTE_UNUSED) { if (dev->source.type == VIR_DOMAIN_CHR_TYPE_UNIX && - dev->source.data.nix.listen) + dev->source.data.nix.listen && + dev->source.data.nix.path) unlink(dev->source.data.nix.path); return 0;
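
Review bot: the return value of unlink(dev->source.data.nix.path) is still discarded in qemuProcessCleanupChardevDevice, so once the new NULL guard lets the call through, a listening socket that could not be removed is left behind without any trace. Consider checking the result and logging a warning when it fails with anything other than ENOENT, since the function returns 0 unconditionally and the caller has no other way to learn about it. The reason path can be NULL here (cleanup running before the chardev part of the command line has been generated) is recorded only in the commit message; a one-line comment above the added "dev->source.data.nix.path" condition would keep a later reader from removing the check as redundant.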