From: Yudai Yamagishi <yu...@sfc.wide.ad.jp>

This patch fixes a segmentation fault when creating new virtual machines
using QEMU. The segmentation fault is caused by commit
f41830680e40d3ec845cefd25419bd87414b9ccf and commit
cbb6ec42e2447d7920b30d66923b2a2b2670133b.

In virQEMUCapsProbeQMPMachineTypes, when copying machines to qemuCaps,
"none" is skipped. Therefore, the value of i and
"qemuCaps->nmachineTypes - 1" do not always match. However, the defIdx
value (used to call virQEMUCapsSetDefaultMachine) is set using the value
of i, while the array elements are at qemuCaps->nmachineTypes - 1. So,
when libvirt tries to create virtual machines using the default machine
type, qemuCaps->machineTypes[defIdx] is accessed, and since the defIdx is
NULL, it results in a segmentation fault.

Signed-off-by: Yudai Yamagishi <yu...@sfc.wide.ad.jp>
---
 src/qemu/qemu_capabilities.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 5e9c65e..5def55c 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -2150,7 +2150,7 @@ virQEMUCapsProbeQMPMachineTypes(virQEMUCapsPtr qemuCaps,
                        machines[i]->name) < 0)
             goto cleanup;
         if (machines[i]->isDefault)
-            defIdx = i;
+            defIdx = qemuCaps->nmachineTypes - 1;
         qemuCaps->machineMaxCpus[qemuCaps->nmachineTypes - 1] =
             machines[i]->maxCpus;
     }
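Review bot: The new index `defIdx = qemuCaps->nmachineTypes - 1;` is only correct because nmachineTypes has already been incremented for the current entry before the `if (machines[i]->isDefault)` check; the unchanged line `qemuCaps->machineMaxCpus[qemuCaps->nmachineTypes - 1] =` right below relies on the same invariant, so the two are now consistent. Since the divergence between `i` and `nmachineTypes - 1` comes from the "none" machine being skipped earlier in the loop (not visible in this hunk), a one-line comment at the assignment explaining why `i` must not be used as the index would stop the next reader from "simplifying" it back to `defIdx = i;`.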
-- 
1.7.2.5

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list