From: Guannan Ren <gren@redhat.com>
Date: Mon, 12 Mar 2012 15:50:02 +0000 (+0800)
Subject: qemu: fix segfault when detaching non-existent network device
X-Git-Tag: v0.9.11-rc1~78
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=19c7980ee6ca94308313b440fd39f308b4ae844e;p=thirdparty%2Flibvirt.git

qemu: fix segfault when detaching non-existent network device

In qemuDomainDetachNetDevice, detach was being used before it had been
validated. If no matching device was found, this resulted in a
dereference of a NULL pointer.

This behavior was a regression introduced in commit
cf90342be0022520e25cfa258cef1034b229a100, so it has not been a part of
any official libvirt release.
---

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 1e563545b6..e088a49121 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -2081,13 +2081,6 @@ qemuDomainDetachNetDevice(struct qemud_driver *driver,
         }
     }
 
-    if (virDomainNetGetActualType(detach) == VIR_DOMAIN_NET_TYPE_HOSTDEV) {
-        ret = qemuDomainDetachThisHostDevice(driver, vm,
-                                             virDomainNetGetActualHostdev(detach),
-                                             -1);
-        goto cleanup;
-    }
-
     if (!detach) {
         qemuReportError(VIR_ERR_OPERATION_FAILED,
                         _("network device %02x:%02x:%02x:%02x:%02x:%02x not found"),
@@ -2097,6 +2090,13 @@ qemuDomainDetachNetDevice(struct qemud_driver *driver,
         goto cleanup;
     }
 
+    if (virDomainNetGetActualType(detach) == VIR_DOMAIN_NET_TYPE_HOSTDEV) {
+        ret = qemuDomainDetachThisHostDevice(driver, vm,
+                                             virDomainNetGetActualHostdev(detach),
+                                             -1);
+        goto cleanup;
+    }
+
     if (!virDomainDeviceAddressIsValid(&detach->info,
                                        VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI)) {
         qemuReportError(VIR_ERR_OPERATION_FAILED,