qemu: Avoid crash in qemuDiskGetActualType

Libvirtd would crash if a domain contained an empty cdrom drive of
type='volume' as the disk def->srcpool member would be dereferenced. Fix
it by checking if the source pool is present before dereferencing it.

Also alter tests to catch this issue in the future.

Reported by: Kevin Shanahan
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1056328

src/qemu/qemu_conf.c

@@ -1302,7 +1302,7 @@ cleanup:
 int
 qemuDiskGetActualType(virDomainDiskDefPtr def)
 {
-    if (def->type == VIR_DOMAIN_DISK_TYPE_VOLUME)
+    if (def->type == VIR_DOMAIN_DISK_TYPE_VOLUME && def->srcpool)
         return def->srcpool->actualtype;
 
     return def->type;

tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.args

@@ -3,6 +3,8 @@ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=none \
 -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -drive \
 file=/some/block/device/cdrom,if=none,media=cdrom,id=drive-ide0-0-1 -device \
 ide-drive,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1 -drive \
+if=none,media=cdrom,id=drive-ide0-1-0 -device \
+ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive \
 file=/tmp/idedisk.img,if=none,id=drive-ide0-0-2 -device \
 ide-drive,bus=ide.0,unit=2,drive=drive-ide0-0-2,id=ide0-0-2 -device \
 virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4

tests/qemuxml2argvdata/qemuxml2argv-disk-source-pool.xml

@@ -24,6 +24,12 @@
       <readonly/>
       <address type='drive' controller='0' bus='0' target='0' unit='1'/>
     </disk>
+    <disk type='volume' device='cdrom'>
+      <driver name='qemu' type='raw'/>
+      <target dev='hdc' bus='ide'/>
+      <readonly/>
+      <address type='drive' controller='0' bus='1' target='0' unit='0'/>
+    </disk>
     <disk type='file' device='disk'>
       <source file='/tmp/idedisk.img'/>
       <target dev='hdc' bus='ide'/>