Daniel P. Berrange wrote: > On Tue, Dec 15, 2009 at 04:19:23PM +0100, Jim Meyering wrote: >> >> "dom" is set to NULL within the while loop: >> >> virDomainObjUnlock(dom); >> dom = NULL; >> >> If on a subsequent iteration something fails, >> we goto "cleanup" or "no_memory", both of which >> have us run this code: >> >> fclose(fp); >> virDomainObjUnref(dom); >> return -1; >> >> And the virDomainObjUnref function would dereference "dom". >> >> >> >From 3971ff17c7e9f1ddbc443d48b86fe6ba60a2d4a0 Mon Sep 17 00:00:00 2001 >> From: Jim Meyering <meyer...@redhat.com> >> Date: Tue, 15 Dec 2009 16:16:57 +0100 >> Subject: [PATCH] openvz_conf.c: don't dereference NULL upon failure >> >> * src/openvz/openvz_conf.c (openvzLoadDomains): Avoid NULL deref >> of "dom". >> --- >> src/openvz/openvz_conf.c | 3 ++- >> 1 files changed, 2 insertions(+), 1 deletions(-) >> >> diff --git a/src/openvz/openvz_conf.c b/src/openvz/openvz_conf.c >> index 7e9abbf..43bbaf2 100644 >> --- a/src/openvz/openvz_conf.c >> +++ b/src/openvz/openvz_conf.c >> @@ -535,7 +535,8 @@ int openvzLoadDomains(struct openvz_driver *driver) { >> >> cleanup: >> fclose(fp); >> - virDomainObjUnref(dom); >> + if (dom) >> + virDomainObjUnref(dom); >> return -1; >> } >> >> -- > > ACK
Pushed. -- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list