From 1e84cf79573e364075d6e63a4b00f7dc5f8aa924 Mon Sep 17 00:00:00 2001 From: Hanna Czenczek Date: Mon, 6 Feb 2023 14:29:49 +0100 Subject: curl: Fix error path in curl_open() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit g_hash_table_destroy() and g_hash_table_foreach_remove() (called by curl_drop_all_sockets()) both require the table to be non-NULL, or will print assertion failures (just print, no abort). There are several paths in curl_open() that can lead to the out_noclean label without s->sockets being allocated, so clean it only if it has been allocated. Example reproducer: $ qemu-img info -f http '' qemu-img: GLib: g_hash_table_foreach_remove: assertion 'hash_table != NULL' failed qemu-img: GLib: g_hash_table_destroy: assertion 'hash_table != NULL' failed qemu-img: Could not open '': http curl driver cannot handle the URL '' (does not start with 'http://') Closes: https://gitlab.com/qemu-project/qemu/-/issues/1475 Suggested-by: Daniel P. Berrangé Signed-off-by: Hanna Czenczek Message-Id: <20230206132949.92917-1-hreitz@redhat.com> Reviewed-by: Daniel P. Berrangé Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Kevin Wolf Signed-off-by: Kevin Wolf --- block/curl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'block') diff --git a/block/curl.c b/block/curl.c index cbada22e9e..ba9977af5a 100644 --- a/block/curl.c +++ b/block/curl.c @@ -850,8 +850,10 @@ out_noclean: g_free(s->username); g_free(s->proxyusername); g_free(s->proxypassword); - curl_drop_all_sockets(s->sockets); - g_hash_table_destroy(s->sockets); + if (s->sockets) { + curl_drop_all_sockets(s->sockets); + g_hash_table_destroy(s->sockets); + } qemu_opts_del(opts); return -EINVAL; } -- cgit v1.2.3