On Mon, Sep 29, 2025 at 07:55:55PM +0300, [email protected] wrote:
> From: Denis Rastyogin <[email protected]>
> 
> virGetLastError() may return NULL in case of OOM. Without a check this
> could lead to a NULL pointer dereference when accessing its fields.
> The result of virGetLastError() is usually checked in other places, so
> add the missing check here as well.

AFAICT, it can't return NULL on OOM, because virGetLastError calls
into virLastErrorObject() which calls g_new0() which aborts on OOM.

The only way we can get NULL from virGetLastError is if there was
no error reported, because in this codepath we've already seen
that virDomainCreate returned < 0, and so we know an error is
reported.

IOW, I don't see any bug here to fix.

> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Reported-by: Pavel Nekrasov <[email protected]>
> Signed-off-by: Denis Rastyogin <[email protected]>
> ---
>  tools/virt-login-shell-helper.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/tools/virt-login-shell-helper.c b/tools/virt-login-shell-helper.c
> index cb59b5dec0..9282ca481e 100644
> --- a/tools/virt-login-shell-helper.c
> +++ b/tools/virt-login-shell-helper.c
> @@ -282,6 +282,10 @@ main(int argc, char **argv)
>      if (!virDomainIsActive(dom) && virDomainCreate(dom) < 0) {
>          virErrorPtr last_error;
>          last_error = virGetLastError();
> +
> +        if (!last_error)
> +            goto cleanup;
> +
>          if (last_error->code != VIR_ERR_OPERATION_INVALID) {
>              virReportSystemError(last_error->code,
>                                   _("Can't create %1$s container: %2$s"),
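Review bot: The added `if (!last_error) goto cleanup;` branch exits silently: it is reached only after `virDomainCreate(dom) < 0`, yet unlike the `virReportSystemError()` call just below it prints nothing, so the user would get a failure with no diagnostic. If the check is kept as a defensive measure, report a generic "can't create container" error before jumping to `cleanup`. The commit message should also be reworded, since the reply in this thread points out that the OOM path aborts rather than returning NULL. As a style point, the blank line added between the `virGetLastError()` assignment and its NULL check separates two lines that belong together.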
> -- 
> 2.42.2
> 

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
