qemuDomainGetGuestInfo: Don't try to free a negative number of entries

'nfs' variable was set to -1 or -2 on agent failure. Cleanup then tried
to free 'nfs' elements of the array which resulted into a crash.

Make 'nfs' size_t and assign it only on successful agent call.

https://bugzilla.redhat.com/show_bug.cgi?id=1812965

Broken by commit 599ae372d8cf092

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
index ba0a4da053ceaae5104c76ae7b2b74fe1b09eee5..9ea2c595635b2b0c02c601d2306bf44d2459dfa8 100644 (file)
--- a/src/qemu/qemu_agent.c
+++ b/src/qemu/qemu_agent.c
@@ -1941,7 +1941,7 @@ qemuAgentGetFSInfoFillDisks(virJSONValuePtr jsondisks,
     return 0;
 }
 
-/* Returns: 0 on success
+/* Returns: number of entries in '@info' on success
  *          -2 when agent command is not supported by the agent
  *          -1 otherwise
  */

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 02ea5827678b65954b44c0809bb86fc91a60e5ac..e285e9373ca4017471baac5eb330e7672718a012 100644 (file)
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -22814,7 +22814,7 @@ qemuDomainGetGuestInfo(virDomainPtr dom,
     g_autofree char *hostname = NULL;
     unsigned int supportedTypes = types;
     int rc;
-    int nfs = 0;
+    size_t nfs = 0;
     qemuAgentFSInfoPtr *agentfsinfo = NULL;
     size_t i;
 
@@ -22867,9 +22867,13 @@ qemuDomainGetGuestInfo(virDomainPtr dom,
         }
     }
     if (supportedTypes & VIR_DOMAIN_GUEST_INFO_FILESYSTEM) {
-        rc = nfs = qemuAgentGetFSInfo(agent, &agentfsinfo);
-        if (rc < 0 && !(rc == -2 && types == 0))
-            goto exitagent;
+        rc = qemuAgentGetFSInfo(agent, &agentfsinfo);
+        if (rc < 0) {
+            if (!(rc == -2 && types == 0))
+                goto exitagent;
+        } else {
+            nfs = rc;
+        }
     }
 
     ret = 0;