virsh: avoid double free of domain

* tools/virsh.c: avoid double free of domain, when weight value of blkiotune
  less than 0, codes will free domain and jump to cleanup section, however,
  cleanup will free domain again.

Detected in valgrind run:

==21297== ERROR SUMMARY: 20 errors from 20 contexts (suppressed: 69 from 8)
==21297==
==21297== 1 errors in context 1 of 20:
==21297== Invalid read of size 4
==21297==    at 0x40E209B: virDomainFree (libvirt.c:2096)
==21297==    by 0x8065274: cmdBlkiotune (virsh.c:3695)
==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297==    by 0x806B967: main (virsh.c:14487)
==21297==  Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
==21297==    at 0x4005B0A: free (vg_replace_malloc.c:325)
==21297==    by 0x406814D: virFree (memory.c:310)
==21297==    by 0x40D6635: virReleaseDomain (datatypes.c:243)
==21297==    by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
==21297==    by 0x40E20B9: virDomainFree (libvirt.c:2101)
==21297==    by 0x8065297: cmdBlkiotune (virsh.c:3613)
==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297==    by 0x806B967: main (virsh.c:14487)
==21297==
==21297==
==21297== 1 errors in context 2 of 20:
==21297== Invalid read of size 4
==21297==    at 0x40E1FE6: virDomainFree (libvirt.c:2092)
==21297==    by 0x8065274: cmdBlkiotune (virsh.c:3695)
==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297==    by 0x806B967: main (virsh.c:14487)
==21297==  Address 0x446ad48 is 0 bytes inside a block of size 36 free'd
==21297==    at 0x4005B0A: free (vg_replace_malloc.c:325)
==21297==    by 0x406814D: virFree (memory.c:310)
==21297==    by 0x40D6635: virReleaseDomain (datatypes.c:243)
==21297==    by 0x40D6C5E: virUnrefDomain (datatypes.c:280)
==21297==    by 0x40E20B9: virDomainFree (libvirt.c:2101)
==21297==    by 0x8065297: cmdBlkiotune (virsh.c:3613)
==21297==    by 0x8054CC1: vshCommandRun (virsh.c:13135)
==21297==    by 0x806B967: main (virsh.c:14487)

* how to reproduce?
  % valgrind -v --leak-check=full virsh blkiotune guestname --weight -1

diff --git a/tools/virsh.c b/tools/virsh.c
index e75a2495446eada1481587c772b30e7fc37ddec6..cba249a4fb44cc6ff226943739841c752d7d34c0 100644 (file)
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -3610,7 +3610,6 @@ cmdBlkiotune(vshControl * ctl, const vshCmd * cmd)
     if (weight) {
         nparams++;
         if (weight < 0) {
-            virDomainFree(dom);
             vshError(ctl, _("Invalid value of %d for I/O weight"), weight);
             goto cleanup;
         }