From: Michal Privoznik Date: Thu, 18 Oct 2012 14:28:35 +0000 (+0200) Subject: network: Set to NULL after virNetworkDefFree() X-Git-Tag: v0.10.2.1~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec08a738e8644e6edef846747019a9ccbba4f597;p=thirdparty%2Flibvirt.git network: Set to NULL after virNetworkDefFree() which frees all allocated memory but doesn't set the passed pointer to NULL. Therefore, we must do it ourselves. This is causing actual libvirtd crash: Basically, when doing 'virsh net-edit' the newDef should be dropped. And the memory is freed, indeed. However, the pointer is not set to NULL but kept instead. And the next duo of calls 'virsh net-start' and 'virsh net-destroy' starts the disaster. The latter one does the same as 'virsh destroy'; it sees that newDef is nonNULL so it replaces def with newDef (which has been freed already as said a few lines above). Therefore any subsequent call accessing def will hit the ground. (cherry picked from commit b7e9202401ebaa039b8f05acdefda8c24081537a) --- diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c index a2d82d4326..ebc8061a2e 100644 --- a/src/conf/network_conf.c +++ b/src/conf/network_conf.c @@ -260,8 +260,9 @@ virNetworkObjAssignDef(virNetworkObjPtr network, return -1; } } else if (!live) { - virNetworkDefFree(network->newDef); /* should be unnecessary */ + virNetworkDefFree(network->newDef); virNetworkDefFree(network->def); + network->newDef = NULL; network->def = def; } else { virReportError(VIR_ERR_OPERATION_INVALID,