If initializing test monitor in testQemuHotplugCpuPrepare()
fails, the control jumps to error label where
testQemuHotplugCpuDataFree() is called. But since the data->mon
is NULL due to aforementioned failure,
qemuMonitorTestGetMonitor() dereferences a NULL pointer leading
to a SIGSEGV.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 tests/qemuhotplugtest.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/tests/qemuhotplugtest.c b/tests/qemuhotplugtest.c
index ba3fc4d814..ba30cf5aa6 100644
--- a/tests/qemuhotplugtest.c
+++ b/tests/qemuhotplugtest.c
@@ -399,9 +399,11 @@ testQemuHotplugCpuDataFree(struct testQemuHotplugCpuData *data)
         virObjectUnref(data->vm);
     }
 
-    mon = qemuMonitorTestGetMonitor(data->mon);
-    virObjectLock(mon);
-    qemuMonitorTestFree(data->mon);
+    if (data->mon) {
+        mon = qemuMonitorTestGetMonitor(data->mon);
+        virObjectLock(mon);
+        qemuMonitorTestFree(data->mon);
+    }
     VIR_FREE(data);
 }
 
-- 
2.26.2

On Mon, 2020-06-29 at 09:43 +0200, Michal Privoznik wrote:
> If initializing test monitor in testQemuHotplugCpuPrepare()
> fails, the control jumps to error label where
> testQemuHotplugCpuDataFree() is called. But since the data->mon
> is NULL due to aforementioned failure,
> qemuMonitorTestGetMonitor() dereferences a NULL pointer leading
> to a SIGSEGV.
> 
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> ---
>  tests/qemuhotplugtest.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)

Reviewed-by: Andrea Bolognani <abologna@redhat.com>

and safe for freeze.

-- 
Andrea Bolognani / Red Hat / Virtualization