qemu: fix use-after-free regression

Commit baade4d fixed a memory leak on failure, but in the process,
introduced a use-after-free on success, which can be triggered with:

1. set bandwidth with --live
2. query bandwidth
3. set bandwidth with --live

* src/qemu/qemu_driver.c (qemuDomainSetInterfaceParameters): Don't
free newBandwidth on success.
Reported by Hu Tao.

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 82bab672a917105353589f9d76325d80e604ea14..110c31b05d8e9bb5fb06094574245700a5603148 100644 (file)
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -8034,6 +8034,7 @@ qemuDomainSetInterfaceParameters(virDomainPtr dom,
 
         virNetDevBandwidthFree(net->bandwidth);
         net->bandwidth = newBandwidth;
+        newBandwidth = NULL;
     }
     if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
         if (!persistentNet->bandwidth) {