On Fri, Nov 29, 2024 at 22:56:45 +0800, kaihuan wrote:
> qemuDomainDiskByName() can return a NULL pointer on failure.
> But this returned value in qemuSnapshotDeleteValidate is not checked.It will
> make libvirtd crash.
>
> Signed-off-by: kaihuan <jungleman...@gmail.com>
> ---
> src/qemu/qemu_snapshot.c | 15 +++++++++++++--
> 1 file changed, 13 insertions(+), 2 deletions(-)
>
> diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
> index 18b2e478f6..bcbd913073 100644
> --- a/src/qemu/qemu_snapshot.c
> +++ b/src/qemu/qemu_snapshot.c
> @@ -4242,8 +4242,19 @@ qemuSnapshotDeleteValidate(virDomainObj *vm,
> virDomainDiskDef *vmdisk = NULL;
> virDomainDiskDef *disk = NULL;
>
> - vmdisk = qemuDomainDiskByName(vm->def, snapDisk->name);
> - disk = qemuDomainDiskByName(snapdef->parent.dom, snapDisk->name);
> + if (!(vmdisk = qemuDomainDiskByName(vm->def, snapDisk->name))) {
> + virReportError(VIR_ERR_OPERATION_FAILED,
> + _("disk '%1$s' referenced by snapshot '%2$s' not
> found in the current definition"),
> + snapDisk->name, snap->def->name);
> + return -1;
> + }
> +
> + if (!(disk = qemuDomainDiskByName(snapdef->parent.dom,
> snapDisk->name))) {
> + virReportError(VIR_ERR_OPERATION_FAILED,
> + _("disk '%1$s' referenced by snapshot '%2$s' not
> found in the VM definition of the deleted snapshot"),
> + snapDisk->name, snap->def->name);
> + return -1;
> + }
>
> if (!virStorageSourceIsSameLocation(vmdisk->src, disk->src)) {
> virReportError(VIR_ERR_OPERATION_UNSUPPORTED,
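Review bot: The second lookup still passes `snapdef->parent.dom` to qemuDomainDiskByName() with no NULL check visible in this hunk, so if a snapshot can exist without a stored domain definition, the daemon crash this patch targets may only move into the helper. That precondition cannot be determined from the lines shown; confirm it is enforced earlier in qemuSnapshotDeleteValidate, or add a guard before the lookup that reports an error and returns -1 when `snapdef->parent.dom` is NULL. The two new messages also name the snapshot through `snap->def->name` while the neighbouring code reads the definition through `snapdef`, and a single accessor would make the error paths easier to audit. The function body starts and ends outside the hunk.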
Reviewed-by: Peter Krempa <pkre...@redhat.com>