lxcDomainCreateXMLWithFiles: Avoid crash

https://bugzilla.redhat.com/show_bug.cgi?id=1363773

Imagine that you're creating a transient domain, but for some reason,
starting it fails. That is virLXCProcessStart() returns an error. With
current code, in the error handling code the domain object is removed
from the domain object list, @vm is set to NULL and controls jump to
enjob label where virLXCDomainObjEndJob() is called which dereference vm
leading to instant crash.

The fix is to end the job in the error handling code and only after that
remove the domain from the list and jump onto cleanup label instead of
endjob.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 2e6788af095220b09ef9553f63659582114811ee..da98b3865179ad9d2e1b31684dad6099da1d7306 100644 (file)
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1263,11 +1263,12 @@ lxcDomainCreateXMLWithFiles(virConnectPtr conn,
                            (flags & VIR_DOMAIN_START_AUTODESTROY),
                            VIR_DOMAIN_RUNNING_BOOTED) < 0) {
         virDomainAuditStart(vm, "booted", false);
+        virLXCDomainObjEndJob(driver, vm);
         if (!vm->persistent) {
             virDomainObjListRemove(driver->domains, vm);
             vm = NULL;
         }
-        goto endjob;
+        goto cleanup;
     }
 
     event = virDomainEventLifecycleNewFromObj(vm,
@@ -1279,7 +1280,6 @@ lxcDomainCreateXMLWithFiles(virConnectPtr conn,
     if (dom)
         dom->id = vm->def->id;
 
- endjob:
     virLXCDomainObjEndJob(driver, vm);
 
  cleanup: