From: Eric Blake <eblake@redhat.com>
Date: Thu, 5 Jan 2012 17:21:34 +0000 (-0700)
Subject: qemu: fix use-after-free regression
X-Git-Tag: v0.9.9~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=820a2159e996fb6f72ce7a5f6af12f653deef127;p=thirdparty%2Flibvirt.git

qemu: fix use-after-free regression

Commit baade4d fixed a memory leak on failure, but in the process,
introduced a use-after-free on success, which can be triggered with:

1. set bandwidth with --live
2. query bandwidth
3. set bandwidth with --live

* src/qemu/qemu_driver.c (qemuDomainSetInterfaceParameters): Don't
free newBandwidth on success.
Reported by Hu Tao.
---

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 82bab672a9..110c31b05d 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -8034,6 +8034,7 @@ qemuDomainSetInterfaceParameters(virDomainPtr dom,
 
         virNetDevBandwidthFree(net->bandwidth);
         net->bandwidth = newBandwidth;
+        newBandwidth = NULL;
     }
     if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
         if (!persistentNet->bandwidth) {