From: Luyao Huang
Date: Tue, 13 Jan 2015 08:41:05 +0000 (+0800)
Subject: conf: fix crash when hotplug a channel chr device with no target
X-Git-Tag: v1.2.12-rc1~65
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fba7173f7236c705344aa84bf9715074abdc6ea7;p=thirdparty%2Flibvirt.git

conf: fix crash when hotplug a channel chr device with no target

https://bugzilla.redhat.com/show_bug.cgi?id=1181408

When we try to hotplug a channel chr device with no target, we will get success (which should fail) in virDomainChrDefParseXML, because we use goto cleanup this place and return an incomplete definition (with no target).

In qemuDomainAttachChrDevice, we add it to the domain definition, but fail to remove it from there when chardev-add fails, because virDomainChrRemove matches chardevices according to the target name.

The device definition is then freed in qemuDomainAttachDeviceFlags, leaving a stale pointer in the domain definition.

Signed-off-by: Luyao Huang
Signed-off-by: Ján Tomko
---

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 57e99e6782..3cbb93d677 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -8700,7 +8700,7 @@ virDomainChrDefParseXML(xmlXPathContextPtr ctxt, if (!seenTarget && ((def->targetType = virDomainChrDefaultTargetType(def->deviceType)) < 0)) - goto cleanup; + goto error; if (virDomainChrSourceDefParseXML(&def->source, node->children, flags, def, ctxt, vmSeclabels, nvmSeclabels) < 0)
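
Review bot: In virDomainChrDefParseXML, the `!seenTarget` branch now does `goto error`, but nothing in this hunk shows an error being reported before the jump; please confirm that virDomainChrDefaultTargetType() raises a libvirt error on its `< 0` return, otherwise the hotplug caller gets a failure with no message. The commit message also describes a second weakness that this change leaves in place: qemuDomainAttachChrDevice cannot roll back a definition that virDomainChrRemove fails to match by target name, so the stale pointer is avoided only as long as the parser rejects every such definition. Consider a follow-up that makes the rollback independent of the target name, and add a regression test for a channel device with no target.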