xenbits.xensource.com Git - libvirt.git/commitdiff
storage: fix crash caused by no check return before set close
author Luyao Huang <lhuang@redhat.com>
Wed, 3 Dec 2014 15:01:32 +0000 (23:01 +0800)
committer Michal Privoznik <mprivozn@redhat.com>
Wed, 3 Dec 2014 16:36:07 +0000 (17:36 +0100)
https://bugzilla.redhat.com/show_bug.cgi?id=1087104#c5

When trying to use an invalid offset to virStorageVolUpload(), libvirt
fails in virFDStreamOpenFileInternal(), although it seems libvirt does
not check the return in storageVolUpload(), and calls
virFDStreamSetInternalCloseCb() right after.  But stream doesn't have a
privateData (is NULL) yet, and the daemon crashes then.

0  0x00007f09429a9c10 in pthread_mutex_lock () from /lib64/libpthread.so.0
1  0x00007f094514dbf5 in virMutexLock (m=<optimized out>) at util/virthread.c:88
2  0x00007f09451cb211 in virFDStreamSetInternalCloseCb at fdstream.c:795
3  0x00007f092ff2c9eb in storageVolUpload at storage/storage_driver.c:2098
4  0x00007f09451f46e0 in virStorageVolUpload at libvirt.c:14000
5  0x00007f0945c78fa1 in remoteDispatchStorageVolUpload at remote_dispatch.h:14339
6  remoteDispatchStorageVolUploadHelper at remote_dispatch.h:14309
7  0x00007f094524a192 in virNetServerProgramDispatchCall at rpc/virnetserverprogram.c:437

Signed-off-by: Luyao Huang <lhuang@redhat.com>
src/storage/storage_driver.c

index 7f33d6f1cd1af3d32d2252285d42618a40405663..7f4de193c450e33e09692221bd2e6929999bc0f0 100644 (file)
@@ -2111,8 +2111,9 @@ storageVolUpload(virStorageVolPtr obj,
             goto cleanup;
     }
 
-    ret = backend->uploadVol(obj->conn, pool, vol, stream,
-                             offset, length, flags);
+    if ((ret = backend->uploadVol(obj->conn, pool, vol, stream,
+                                  offset, length, flags)) < 0)
+        goto cleanup;
 
     /* Add cleanup callback - call after uploadVol since the stream
      * is then fully set up
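Review bot: The `< 0` check added around `backend->uploadVol(...)` guards only this call site. The backtrace in the commit message shows virFDStreamSetInternalCloseCb() reaching virMutexLock() at fdstream.c:795 while the stream's privateData is still NULL, so the callee itself remains unprotected against a stream that was never opened. I would pair this with a NULL check on the private data inside virFDStreamSetInternalCloseCb() before it takes the lock, so a client-supplied invalid offset cannot crash the daemon through any path that forgets to check the open result. The comment that follows ("call after uploadVol since the stream is then fully set up") could also say that this holds only when uploadVol succeeded, since that is now the condition the code relies on.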