commit eab7ae6bfe13503ea705e70e32edaa60357cbaa1 Author: Peter Krempa Date: Fri Mar 12 10:16:11 2021 +0100 virLockSpaceNewPostExecRestart: Fix out-of-bounds array access 'res->owners' is allocated to 'res->nOwners' elements, but unfortunately 'res->nOwners' doesn't contain the proper value until after the allocation so 0 elements are allocated. The following loop which assumes that the array has the right number of elements then accesses the pointer out of bounds. The bug was also faithfully converted from VIR_ALLOC_N to g_new0. Fixes: 4a3d6ed5ee0 Signed-off-by: Peter Krempa Reviewed-by: Michal Privoznik Index: libvirt-7.1.0/src/util/virlockspace.c =================================================================== --- libvirt-7.1.0.orig/src/util/virlockspace.c +++ libvirt-7.1.0/src/util/virlockspace.c @@ -324,7 +324,6 @@ virLockSpacePtr virLockSpaceNewPostExecR const char *tmp; virJSONValuePtr owners; size_t j; - size_t m; res = g_new0(virLockSpaceResource, 1); res->fd = -1; @@ -384,9 +383,8 @@ virLockSpacePtr virLockSpaceNewPostExecR goto error; } - m = virJSONValueArraySize(owners); + res->nOwners = virJSONValueArraySize(owners); res->owners = g_new0(pid_t, res->nOwners); - res->nOwners = m; for (j = 0; j < res->nOwners; j++) { unsigned long long int owner;
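Review bot: In the first hunk (the removal of `size_t m;` from the declarations of virLockSpaceNewPostExecRestart), the declaration is the only thing dropped, and the sole remaining use of `m` in the visible patch is the `m = virJSONValueArraySize(owners);` / `res->nOwners = m;` pair removed in the second hunk, so nothing else in this function should still reference it; any other use would now fail to compile, so a build of the patched file is sufficient confirmation that the variable was truly dead.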
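Review bot: In the second hunk, the reordering is the right fix: with `res->nOwners = virJSONValueArraySize(owners);` assigned before `res->owners = g_new0(pid_t, res->nOwners);`, the allocation size and the loop bound `j < res->nOwners` finally agree, whereas before, `g_new0(pid_t, 0)` returned NULL and every iteration of the loop wrote through it. Two things worth confirming beyond the diff: that `res->nOwners` has the same width as the `size_t` the removed `m` had, so the assignment cannot truncate, and that an error exit from the loop (`goto error`) frees `res->owners` based on the now-earlier-set `res->nOwners` without double-freeing or reading uninitialised entries. The patch also ships without a regression test that restarts a lockspace whose resource has at least one owner; since `g_new0` aborts rather than returning on allocation failure there is no partially initialised state to worry about, but a test with one or more owners is what would have caught the zero-sized allocation in the first place, and would keep it from regressing through future `g_new0`/`VIR_ALLOC_N` style conversions like the one mentioned in the commit message.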