From: Peter Krempa
Date: Tue, 2 Apr 2013 21:15:00 +0000 (+0200)
Subject: qemu: Fix crash when updating media with shared device
X-Git-Tag: v1.0.5-rc1~271
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43b6f304bce5937f1e3a852b20b52a772b39b95f;p=thirdparty%2Flibvirt.git
qemu: Fix crash when updating media with shared device
Mimic the fix done in 02b9097274d1330c2e1dca7f598880e09b5c2aa0 to fix crash by accessing an already freed structure. Also copy the explaining comment why the pointer can't be accessed any more.
---
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 96bf23503b..552a81b22e 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -6073,14 +6073,17 @@ qemuDomainChangeDiskMediaLive(virDomainObjPtr vm,
 goto end;
 ret = qemuDomainChangeEjectableMedia(driver, vm, disk, orig_disk, force);
+ /* 'disk' must not be accessed now - it has been freed.
+ * 'orig_disk' now points to the new disk, while 'dev_copy'
+ * now points to the old disk */
+
+ /* Need to remove the shared disk entry for the original
+ * disk src if the operation is either ejecting or updating.
+ */
 if (ret == 0) {
 dev->data.disk = NULL;
- /* Need to remove the shared disk entry for the original
- * disk src if the operation is either ejecting or updating.
- */
- if (orig_disk->src && STRNEQ_NULLABLE(orig_disk->src, disk->src))
- ignore_value(qemuRemoveSharedDisk(driver, dev_copy->data.disk,
- vm->def->name));
+ ignore_value(qemuRemoveSharedDisk(driver, dev_copy->data.disk,
+ vm->def->name));
 }
 break;
 default:
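Review bot: The call to qemuRemoveSharedDisk() inside `if (ret == 0)` is now unconditional, so besides removing the stale `disk->src` read the commit also drops the `orig_disk->src` non-NULL test and the "source actually changed" test, which the description does not mention. If that is intended, the comment above the `if` should say so; if the guard is still wanted, it can be written against the pointers the new comment declares valid, e.g. `if (dev_copy->data.disk->src && STRNEQ_NULLABLE(dev_copy->data.disk->src, orig_disk->src))`. Whether qemuRemoveSharedDisk() tolerates a disk with a NULL src, and whether `disk` is also freed when the call fails, cannot be seen here because qemuDomainChangeDiskMediaLive starts and ends outside the hunk. The result is still wrapped in ignore_value(), so a failed removal leaves the shared-disk accounting stale with no log line; a VIR_WARN on that path would make it diagnosable.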