The cdrom eject code was trying to dereference the
NULL source of an empty cdrom. Attached patch fixes
this.

Thanks,
Cole

commit 5925689b5b94b29a520dcfbc7f4f1cfa0a0a0183
Author: Cole Robinson <[EMAIL PROTECTED]>
Date:   Thu Aug 21 17:56:25 2008 -0400

    Prevent cdrom eject from segfaulting when setting new disk source.

diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 06fbe55..769f34f 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -2953,6 +2953,7 @@ static int qemudDomainChangeCDROM(virDomainPtr dom,
                                   virDomainDiskDefPtr newdisk) {
     struct qemud_driver *driver = (struct qemud_driver 
*)dom->conn->privateData;
     char *cmd, *reply, *safe_path;
+    char *newsrc = NULL;
 
     if (newdisk->src) {
         safe_path = qemudEscapeMonitorArg(newdisk->src);
@@ -2972,6 +2973,13 @@ static int qemudDomainChangeCDROM(virDomainPtr dom,
         }
         VIR_FREE(safe_path);
 
+        newsrc = strdup(newdisk->src);
+        if (!newsrc) {
+            qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
+                             "%s", _("out of memory"));
+            return -1;
+        }
+
     } else if (asprintf(&cmd, "eject cdrom") == -1) {
         qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
                          "%s", _("out of memory"));
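Review bot: The new `return -1;` after the failed `strdup(newdisk->src)` leaves without releasing `cmd`, which appears to have been allocated earlier in this branch; the failure path in the next hunk does call `VIR_FREE(cmd)`. Add `VIR_FREE(cmd);` before that return, or move the strdup to the top of the `if (newdisk->src)` branch so nothing needs unwinding when it fails. The start of the branch is outside this hunk, so the allocation of `cmd` is inferred rather than visible.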
@@ -2982,11 +2990,17 @@ static int qemudDomainChangeCDROM(virDomainPtr dom,
         qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
                          "%s", _("cannot change cdrom media"));
         VIR_FREE(cmd);
+        VIR_FREE(newsrc);
         return -1;
     }
     VIR_FREE(reply);
     VIR_FREE(cmd);
-    strcpy(olddisk->src, newdisk->src);
+
+    VIR_FREE(olddisk->src);
+    if (newsrc) {
+        olddisk->src = newsrc;
+        newsrc = NULL;
+    }
     olddisk->type = newdisk->type;
     return 0;
 }
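Review bot: The `if (newsrc)` guard and the `newsrc = NULL;` reset after `VIR_FREE(olddisk->src);` are more than this code needs. Assuming VIR_FREE leaves the pointer NULL, as it does elsewhere in libvirt, a plain `olddisk->src = newsrc;` covers both the eject case and the change-media case, and the local is not used again before `return 0;`. A one-line comment such as `/* olddisk takes ownership of newsrc; NULL means the drive is empty */` would record the ownership transfer for the next reader. The function begins outside this hunk.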