Changeset 94864 in vbox

Timestamp:

May 5, 2022 6:29:18 PM (3 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

151264

Message:

Main/Snapshot: Fix deparenting crash (lost in the big change for bugref:7717) and add some checks avoiding processing objects which have been already uninitialized and avoiding crashes due to dereferencing NULL pointers. bugref:10219

File:

• trunk/src/VBox/Main/src-server/SnapshotImpl.cpp (modified) (5 diffs)

trunk/src/VBox/Main/src-server/SnapshotImpl.cpp

@@ -199 +199 @@
         Assert(pSnapshot->m->pMachine->isWriteLockOnCurrentThread());
 
+        /* Remove initial snapshot from parent snapshot's list of children. */
+        if (pSnapshot == this)
+            pSnapshot->i_deparent();
+
         /* Paranoia. Shouldn't be set any more at processing time. */
-        pSnapshot->m->pParent.setNull();
+        Assert(!pSnapshot->m || pSnapshot->m->pParent.isNull());
 
         /* Process all children */
@@ -208 +212 @@
         {
             Snapshot *pChild = *it;
+
+            if (!pChild || !pChild->m)
+                continue;
+
             pChild->m->pParent.setNull();
             llSnapshotsTodo.push_back(pChild);
@@ -316 +324 @@
 {
     Assert(m->pMachine->isWriteLockOnCurrentThread());
+
+    if (m->pParent.isNull())
+        return;
+
+    Assert(m->pParent->m);
 
     SnapshotsList &llParent = m->pParent->m->llChildren;
@@ -554 +567 @@
         llSnapshotsTodo.pop_front();
 
+        /* Check if snapshot is uninitialized already, can happen if an API
+         * client asks at an inconvenient time. */
+        if (!pSnapshot->m)
+            continue;
+
         cChildren += (ULONG)pSnapshot->m->llChildren.size();
 
@@ -891 +909 @@
         for (SnapshotsList::const_iterator it = itBegin; it != itEnd; ++it)
         {
+            AutoCaller autoCaller(*it);
+            if (FAILED(autoCaller.rc()))
+                continue;
+
             llSnapshotsTodo.push_back(*it);
             current->llChildSnapshots.push_back(settings::Snapshot::Empty);