qemu: Fix NULL pointer access in qemuProcessInitCpuAffinity()

andreabolognani · andreabolognani · commit a84922c09e9e · 2019-06-06T16:50:11.000+02:00
Commit 2f2254c attempted to fix a memory leak by ensuring cpumapToSet is always a freshly allocated bitmap, but regrettably introduced a NULL pointer access while doing so, because it called virBitmapCopy() without allocating the destination bitmap first. Solve the issue by using virBitmapNewCopy() instead. Reported-by: John Ferlan <jferlan@redhat.com> Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Erik Skultety <eskultet@redhat.com> Reviewed-by: John Ferlan <jferlan@redhat.com>
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
@@ -2498,7 +2498,7 @@ qemuProcessInitCpuAffinity(virDomainObjPtr vm)
         if (virNumaNodesetToCPUset(nodeset, &cpumapToSet) < 0)
             return -1;
     } else if (vm->def->cputune.emulatorpin) {
-        if (virBitmapCopy(cpumapToSet, vm->def->cputune.emulatorpin) < 0)
+        if (!(cpumapToSet = virBitmapNewCopy(vm->def->cputune.emulatorpin)))
             return -1;
     } else {
         if (qemuProcessGetAllCpuAffinity(&cpumapToSet) < 0)
