From 9d840969ed92182707e0871a1fda185323fcdeaa Mon Sep 17 00:00:00 2001
From: Olaf Hering
Date: Fri, 8 Mar 2019 13:24:15 +0100
Subject: [PATCH] libxl: prepare environment for domcreate_stream_done

The function domcreate_bootloader_done may branch early to domcreate_stream_done, in case some error occoured. Here srs->dcs will be NULL, which leads to a crash.

It is unclear what the purpose of that backpointer is. Perhaps it can be removed, and domcreate_stream_done could use CONTAINER_OF.

Signed-off-by: Olaf Hering
Acked-by: Wei Liu
[ wei: fold in comment required by Ian ]
Signed-off-by: Wei Liu
---
 tools/libxl/libxl_create.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
index a4e74a5cd2..89fe80fc9c 100644
--- a/tools/libxl/libxl_create.c
+++ b/tools/libxl/libxl_create.c
@@ -1093,6 +1093,9 @@ static void domcreate_bootloader_done(libxl__egc *egc,
 return;
 }
 
+ /* Prepare environment for domcreate_stream_done */
+ dcs->srs.dcs = dcs;
+
 /* Restore */
 callbacks->restore_results = libxl__srm_callout_callback_restore_results;
@@ -1116,7 +1119,6 @@ static void domcreate_bootloader_done(libxl__egc *egc,
 goto out;
 
 dcs->srs.ao = ao;
- dcs->srs.dcs = dcs;
 dcs->srs.fd = restore_fd;
 dcs->srs.legacy = (dcs->restore_params.stream_version == 1);
 dcs->srs.back_channel = false;
@@ -1181,6 +1183,8 @@ static void domcreate_stream_done(libxl__egc *egc,
 libxl__stream_read_state *srs,
 int ret)
 {
+ /* NB perhaps only srs->dcs is valid; eg in the case of an
+ * early branch to domcreate_bootloader_done's `out' block */
 libxl__domain_create_state *dcs = srs->dcs;
 STATE_AO_GC(dcs->ao);
 libxl_ctx *ctx = libxl__gc_owner(gc);
-- 
2.30.2
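Review bot: The comment on the first added line of the first hunk, `/* Prepare environment for domcreate_stream_done */`, says what is done but not why it has to happen at this point, which is the whole reason for moving the assignment; I would write `/* srs.dcs must be valid before any goto out below: the out block hands srs to domcreate_stream_done, which dereferences srs->dcs. */`. The moved assignment only protects goto-out paths that come after it; if any such jump exists between the top of domcreate_bootloader_done and this hunk, which is outside the view, domcreate_stream_done would still see srs->dcs unset, so it is worth confirming that the `return;` block visible just above is the only earlier exit. domcreate_bootloader_done starts and ends outside the hunk.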
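Review bot: The comment added at the top of domcreate_stream_done in the third hunk states the invariant as a guess (`perhaps only srs->dcs is valid`), which leaves the next maintainer unsure whether srs->fd, srs->ao and the other fields assigned later in domcreate_bootloader_done may be read here. Since the early-exit case is exactly what the commit fixes, I would state it as a rule: `/* On the early-error path (the out block of domcreate_bootloader_done) only srs->dcs has been initialised; read no other srs field on that path. */`. Whether the rest of the body honours that depends on code past STATE_AO_GC(dcs->ao), which is outside the view, so the lines that follow should be checked against it. domcreate_stream_done's body continues outside the hunk.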