From 3eb4f0c2a392b15406af944af98065c12634affd Mon Sep 17 00:00:00 2001
From: Sungwoo Kim
Date: Tue, 20 Feb 2024 00:56:30 -0500
Subject: vm/qemu.go: fix nil-ptr-deref in ctor

os.Stat() may return (nil, err) if it fails to open a file.
So, the code below wrongly validates st as it will be always nil if err != nil, causing nil pointer dereference in st.Size().

```
if st, err := os.Stat(inst.image); err != nil && st.Size() == 0 {
```

To fix this, this patch allows st.Size() only if err == nil.
---
 vm/qemu/qemu.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vm/qemu/qemu.go b/vm/qemu/qemu.go
index 9cb7f565b..b3f1ca0bc 100644
--- a/vm/qemu/qemu.go
+++ b/vm/qemu/qemu.go
@@ -376,7 +376,7 @@ func (pool *Pool) ctor(workdir, sshkey, sshuser string, index int) (vmimpl.Insta
 		sshuser: sshuser,
 		diagnose: make(chan bool, 1),
 	}
-	if st, err := os.Stat(inst.image); err != nil && st.Size() == 0 {
+	if st, err := os.Stat(inst.image); err == nil && st.Size() == 0 {
 		// Some kernels may not need an image, however caller may still
 		// want to pass us a fake empty image because the rest of syzkaller
 		// assumes that an image is mandatory. So if the image is empty, we ignore it.
--
cgit mrf-deployment
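Review bot: The rewritten condition on the added line removes the nil dereference but turns a failed os.Stat into a silent no-op: when the image path is missing or unreadable, err is discarded, inst.image is kept as-is, and the problem only surfaces later wherever the file is next opened, with no indication from the constructor. Unless an absent image is a supported configuration here (the surrounding code in the hunk does not show that; the comment only describes an empty placeholder image), the error should be reported at this point, e.g. `if st, err := os.Stat(inst.image); err != nil { return nil, err } else if st.Size() == 0 {`, assuming ctor returns `(vmimpl.Instance, error)` as the truncated hunk header suggests. If ignoring the error is deliberate, a one-line comment stating that a stat failure is intentionally deferred would save the next reader from re-raising this. The body of ctor starts before and continues past this hunk.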