qemu_tpm: Don't crash if qemuTPMPcrBankBitmapToStr(NULL)

Historically, the tpm->data.emulator.activePcrBanks member was an
unsigned int but since it was used as a bitmap it was converted
to virBitmap type instead. Now, the virBitmap is allocated inside
of virDomainTPMDefParseXML() but only if <activePcrBanks/> was
found with at last one child element. Otherwise it stays NULL.

Fast forward to starting a domain with TPM 2.0 and no
<activePcrBanks/> configured. Eventually,
qemuTPMEmulatorBuildCommand() is called, which subsequently calls
qemuTPMEmulatorReconfigure() and finally
qemuTPMPcrBankBitmapToStr() passing the NULL value. Before
rewrite to virBitmap this function would return NULL for empty
activePcrBanks but now, well, now it crashes.

Fixes: 52c7c31c8038aa31d502f59a40e4fb4ba9f61113
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index c08b0851da277397d84e180e458e724fc906b4ac..584c787b700b935f167c495ff71438913efebceb 100644 (file)
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -449,6 +449,9 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks)
     g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
     ssize_t bank = -1;
 
+    if (!activePcrBanks)
+        return NULL;
+
     while ((bank = virBitmapNextSetBit(activePcrBanks, bank)) > -1)
         virBufferAsprintf(&buf, "%s,", virDomainTPMPcrBankTypeToString(bank));