From e3a594f1a3914d545d51413801516e9d75450fa6 Mon Sep 17 00:00:00 2001
From: Tuguoyi
Date: Tue, 24 Nov 2020 03:12:00 +0000
Subject: [PATCH 022/108] qemu_conf: Fix double free problem for cfg->firmwares
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

cfg->firmwares still points to the original memory address after being freed by virFirmwareFreeList(). As cfg get freed, it will be freed again even if cfg->nfirmwares=0 which eventually lead to crash. The patch fix it by setting cfg->firmwares to NULL explicitly after virFirmwareFreeList() returns

Signed-off-by: Guoyi Tu
Reviewed-by: Ján Tomko
(cherry picked from commit c4f4e195a14c86b7daff2c45f1cbfd23ac16aaa8)
---
 src/qemu/qemu_conf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index bd96ccb78e..da2a1bdfe4 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -811,6 +811,7 @@ virQEMUDriverConfigLoadNVRAMEntry(virQEMUDriverConfigPtr cfg,
 VIR_AUTOSTRINGLIST fwList = NULL;
 virFirmwareFreeList(cfg->firmwares, cfg->nfirmwares);
+ cfg->firmwares = NULL;
 if (qemuFirmwareFetchConfigs(&fwList, privileged) < 0)
 return -1;
-- 2.33.0
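Review bot: Clearing the pointer alone leaves `cfg->nfirmwares` describing an array that no longer exists; if `qemuFirmwareFetchConfigs()` on the next line fails and the function returns -1, cfg is left with `firmwares == NULL` and a stale non-zero count until whatever assignment follows outside this hunk. Whether virFirmwareFreeList() and other readers of the pair tolerate a NULL array with a non-zero count depends on code not shown here, so the safer idiom is to reset both fields together in the same place, `cfg->firmwares = NULL;` followed by `cfg->nfirmwares = 0;`, and to keep them paired wherever the list is replaced. A one-line comment such as `/* reset both fields so an early return below cannot expose a freed list */` would document why the pair is cleared before the refetch. The enclosing function virQEMUDriverConfigLoadNVRAMEntry starts and ends outside the hunk.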