From: Michal Privoznik
Date: Thu, 11 Aug 2022 18:57:02 +0000 (+0200)
Subject: qemu_tpm: Don't crash if qemuTPMPcrBankBitmapToStr(NULL)
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=78cc34cb99e22d660cbb77ae45f3ab62a08c0752;p=libvirt.git

qemu_tpm: Don't crash if qemuTPMPcrBankBitmapToStr(NULL)

Historically, the tpm->data.emulator.activePcrBanks member was an unsigned int but since it was used as a bitmap it was converted to virBitmap type instead. Now, the virBitmap is allocated inside of virDomainTPMDefParseXML() but only if was found with at least one child element. Otherwise it stays NULL.

Fast forward to starting a domain with TPM 2.0 and no configured. Eventually, qemuTPMEmulatorBuildCommand() is called, which subsequently calls qemuTPMEmulatorReconfigure() and finally qemuTPMPcrBankBitmapToStr() passing the NULL value. Before rewrite to virBitmap this function would return NULL for empty activePcrBanks but now, well, now it crashes.

Fixes: 52c7c31c8038aa31d502f59a40e4fb4ba9f61113
Signed-off-by: Michal Privoznik
Reviewed-by: Ján Tomko
---
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index c08b0851da..584c787b70 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -449,6 +449,9 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks) g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; ssize_t bank = -1; + if (!activePcrBanks) + return NULL; + while ((bank = virBitmapNextSetBit(activePcrBanks, bank)) > -1) virBufferAsprintf(&buf, "%s,", virDomainTPMPcrBankTypeToString(bank));
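
Review bot: the added "if (!activePcrBanks) return NULL;" guard at the top of qemuTPMPcrBankBitmapToStr() protects only this one consumer, while the commit message says virDomainTPMDefParseXML() leaves tpm->data.emulator.activePcrBanks NULL whenever no bank child element was parsed, so any other code that hands that member to a virBitmap helper can hit the same NULL dereference. Consider auditing the remaining users of the member, and add a comment above the function stating that a NULL bitmap means no banks are configured and that the NULL return has to be handled by the caller, qemuTPMEmulatorReconfigure(). A test case that starts a TPM 2.0 domain with no bank configuration would keep this from regressing. The early return itself is fine with respect to cleanup, because at that point buf is a g_auto(virBuffer) that has only been initialized.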