qemu_conf: Fix double free problem for cfg->firmwares

cfg->firmwares still points to the original memory address after being freed by virFirmwareFreeList(). As cfg get freed, it will be freed again even if cfg->nfirmwares=0 which eventually lead to crash. The patch fix it by setting cfg->firmwares to NULL explicitly after virFirmwareFreeList() returns Signed-off-by: Guoyi <Tu<tu.guoyi@h3c.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>

qemu_conf: Fix double free problem for cfg->firmwares
c4f4e195 · Tuguoyi · Michal Privoznik · 0cbcd21b · c4f4e195
Commit c4f4e195 authored 4 years ago by Tuguoyi Committed by Michal Privoznik 4 years ago
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -834,6 +834,7 @@ virQEMUDriverConfigLoadNVRAMEntry(virQEMUDriverConfigPtr cfg,
        VIR_AUTOSTRINGLIST fwList = NULL;

        virFirmwareFreeList(cfg->firmwares, cfg->nfirmwares);
+        cfg->firmwares = NULL;

        if (qemuFirmwareFetchConfigs(&fwList, privileged) < 0)
            return -1;