This code has had problems historically. As originally written, in commit 6bcf2501 (Jun 08), it could call unlink on a random string, nuking an unrelated file.

Then in commit 182a80b9 (Sep 09), the code was rewritten to allocate tmp, with both a use-after-free bug and a chance to call unlink(NULL).

Commit e206946 (Mar 11) fixed the use-after-free, but not the NULL dereference. Thanks to clang for catching this!

* src/qemu/qemu_driver.c (qemudDomainMemoryPeek): Don't call unlink on NULL.
cleanup:
VIR_FORCE_CLOSE(fd);
- unlink (tmp);
+ if (tmp)
+ unlink(tmp);
VIR_FREE(tmp);
if (vm)
virDomainObjUnlock(vm);
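
Review bot: the new `if (tmp)` guard in the cleanup block keys the `unlink(tmp)` call on whether the string was allocated, not on whether this function actually created the file at that path. If any path reaches `cleanup` after `tmp` is allocated but before the temporary file exists (not visible in this hunk), the call would still target a name this function does not own, which is the class of problem the commit message describes for the original code. Since `VIR_FORCE_CLOSE(fd)` runs first, `fd` cannot serve as the indicator here; consider a separate flag set once creation succeeds, or confirm that every jump to `cleanup` with a non-NULL `tmp` happens after the file is created. The return value of `unlink` is also ignored, so a leftover temporary file would go unnoticed; a logged warning on failure would help.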