aboutsummaryrefslogtreecommitdiffstats
path: root/main/libvirt/CVE-2020-12430.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/libvirt/CVE-2020-12430.patch')
-rw-r--r--main/libvirt/CVE-2020-12430.patch44
1 files changed, 44 insertions, 0 deletions
diff --git a/main/libvirt/CVE-2020-12430.patch b/main/libvirt/CVE-2020-12430.patch
new file mode 100644
index 00000000000..0d2b9e0f754
--- /dev/null
+++ b/main/libvirt/CVE-2020-12430.patch
@@ -0,0 +1,44 @@
+From 9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581 Mon Sep 17 00:00:00 2001
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Wed, 19 Feb 2020 08:40:59 +0100
+Subject: [PATCH] qemuDomainGetStatsIOThread: Don't leak array with 0 iothreads
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+qemuMonitorGetIOThreads returns a NULL-terminated list even when 0
+iothreads are present. The caller didn't perform cleanup if there were 0
+iothreads leaking the array.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1804548
+
+Fixes: d1eac92784573559b6fd56836e33b215c89308e3
+Reported-by: Jing Yan <jiyan@redhat.com>
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/qemu/qemu_driver.c | 8 ++++++--
+ 1 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index f686b85..39e1f04 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -21759,8 +21759,12 @@ qemuDomainGetStatsIOThread(virQEMUDriverPtr driver,
+ if ((niothreads = qemuDomainGetIOThreadsMon(driver, dom, &iothreads)) < 0)
+ return -1;
+
+- if (niothreads == 0)
+- return 0;
++ /* qemuDomainGetIOThreadsMon returns a NULL-terminated list, so we must free
++ * it even if it returns 0 */
++ if (niothreads == 0) {
++ ret = 0;
++ goto cleanup;
++ }
+
+ if (virTypedParamListAddUInt(params, niothreads, "iothread.count") < 0)
+ goto cleanup;
+--
+1.7.1
+