virCHDomainRefreshThreadInfo: Don't trust vcpu ID returned by hypervisor
authorPeter Krempa <pkrempa@redhat.com>
Thu, 31 Jul 2025 12:14:05 +0000 (14:14 +0200)
committerPeter Krempa <pkrempa@redhat.com>
Wed, 6 Aug 2025 13:51:25 +0000 (15:51 +0200)
The hypervisor may return an index out of range of current vCPUs
defined in the domain which would cause a NULL dereference. Validate
that the vCPU struct with ID fetched from hypervisor exists before
dereferencing it.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
src/ch/ch_domain.c

index 7231fdc49f52da6c5e3e568245bc2e4281dff832..85bd99e1e972ad9485e82ad1fc0a19d2d86d9b72 100644 (file)
@@ -276,10 +276,15 @@ virCHDomainRefreshThreadInfo(virDomainObj *vm)
 
         /* TODO: hotplug support */
         vcpuInfo = &info[i].vcpuInfo;
-        vcpu = virDomainDefGetVcpu(vm->def, vcpuInfo->cpuid);
-        vcpupriv = CH_DOMAIN_VCPU_PRIVATE(vcpu);
-        vcpupriv->tid = vcpuInfo->tid;
-        ncpus++;
+
+        if ((vcpu = virDomainDefGetVcpu(vm->def, vcpuInfo->cpuid))) {
+            vcpupriv = CH_DOMAIN_VCPU_PRIVATE(vcpu);
+            vcpupriv->tid = vcpuInfo->tid;
+            ncpus++;
+        } else {
+            VIR_WARN("vcpu '%d' reported by hypervisor but not found in definition",
+                     vcpuInfo->cpuid);
+        }
     }
 
     /* TODO: Remove the warning when hotplug is implemented.*/
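Review bot: The new check at `if ((vcpu = virDomainDefGetVcpu(vm->def, vcpuInfo->cpuid)))` confirms that the reported ID exists in the definition, but nothing visible in the hunk rejects the same ID being reported twice. In that case `vcpupriv->tid` would be overwritten and `ncpus` incremented twice, which could presumably hide a missing vCPU from whatever count-based check follows the loop. Since the value is hypervisor-supplied, I would at least record that limit next to the check, e.g. `/* cpuid is hypervisor-supplied: checked for existence only, duplicate IDs are not detected */`. It is also worth confirming that `'%d'` in the `VIR_WARN` matches the declared type of `cpuid`, which is not visible here. The loop and the function both start and end outside this hunk.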