On 2/25/26 13:50, Stefan Kober wrote:
> We have a g_autoptr ret in the virIdentityGetSystem function. In the
> happy path it is properly returned by doing: return g_steal_pointer(&ret);
>
> There are 2 early return paths, where we do the following: "return ret;"
>
> This leads to the g_autoptr being cleaned up after we leave the
> function, as we do not properly "steal" it.
>
> When later using the return value we have a use-after-free, which has
> led to segfaults in some cases.
>
> As this is a regression introduced in
> 1280a631ef488aeaab905eb30a55899ef8ba97be, we change the behavior to
> properly return NULL in those cases.

In fact, it was introduced in c6825d88137cb8e4debdf4310e45ee23cb5698c0.

>
> On-behalf-of: SAP [email protected]
> Signed-off-by: Stefan Kober <[email protected]>
> ---
>  src/util/viridentity.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>

Reviewed-by: Michal Privoznik <[email protected]>

and merged.

Michal
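The bug class described in the commit message, as an added example that is not part of the original message and not libvirt's code: an early `return ret;` on an auto-cleaned pointer next to the corrected `return NULL;`. `Identity`, `pool`, `AUTOPTR`, `steal` and the `get_identity_*` functions are hypothetical stand-ins; `AUTOPTR` uses the GCC/Clang cleanup attribute that `g_autoptr` is built on.

```c
#include <stdio.h>

/* Constructed stand-ins, not libvirt code. Objects come from a static pool
 * so the stale pointer can be inspected without touching freed heap memory. */
typedef struct { int uid; int live; } Identity;
static Identity pool[4];

static Identity *identity_new(void) {
    for (int i = 0; i < 4; i++)
        if (!pool[i].live) { pool[i].live = 1; return &pool[i]; }
    return NULL;
}
static void identity_free(Identity *id) { if (id) id->live = 0; }

/* g_autoptr is built on this GCC/Clang attribute: the handler runs on the
 * variable at every scope exit, after the return value has been computed. */
static void identity_cleanup(Identity **p) { identity_free(*p); }
#define AUTOPTR __attribute__((cleanup(identity_cleanup)))

/* Same idea as g_steal_pointer(): hand out the value, NULL the variable. */
static Identity *steal(Identity **p) { Identity *v = *p; *p = NULL; return v; }

/* Before: the early path returns the auto-cleaned variable itself. */
static Identity *get_identity_buggy(int fail_early) {
    AUTOPTR Identity *ret = identity_new();
    if (fail_early)
        return ret;          /* value copied, then cleanup releases the object */
    return steal(&ret);
}

/* After: early paths return NULL; only the happy path transfers ownership. */
static Identity *get_identity_fixed(int fail_early) {
    AUTOPTR Identity *ret = identity_new();
    if (fail_early)
        return NULL;         /* cleanup releases ret, caller gets no pointer */
    return steal(&ret);
}

int main(void) {
    Identity *p = get_identity_buggy(1);
    printf("buggy early: ptr=%s live=%d\n", p ? "set" : "NULL", p ? p->live : -1);
    p = get_identity_fixed(1);
    printf("fixed early: ptr=%s\n", p ? "set" : "NULL");
    p = get_identity_fixed(0);
    printf("happy path:  ptr=%s live=%d\n", p ? "set" : "NULL", p ? p->live : -1);
    identity_free(p);
    return 0;
}
```

With a real heap allocator the buggy early path hands the caller a pointer to freed memory, which is the use-after-free the commit message reports.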
