From 08107826644daa0af710c36aa9282f590e0438dc Mon Sep 17 00:00:00 2001
From: Pavel Hrdina
Date: Tue, 18 Oct 2016 08:59:14 +0200
Subject: [PATCH] qemu_hotplug: fix crash in hot(un)plugging chardev devices

We need to make sure that the chardev is TCP. Without this check we may access different part of union and corrupt pointers.

Signed-off-by: Pavel Hrdina
---
 src/qemu/qemu_hotplug.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 14af4e11c5..c2ba9357c0 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1729,7 +1729,8 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
 if (qemuDomainChrPreInsert(vmdef, chr) < 0)
 goto cleanup;
- if (cfg->chardevTLS) {
+ if (dev->type == VIR_DOMAIN_CHR_TYPE_TCP &&
+ cfg->chardevTLS) {
 if (qemuBuildTLSx509BackendProps(cfg->chardevTLSx509certdir,
 dev->data.tcp.listen,
 cfg->chardevTLSx509verify,
@@ -4398,7 +4399,8 @@ int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
 sa_assert(tmpChr->info.alias);
- if (cfg->chardevTLS &&
+ if (tmpChr->source.type == VIR_DOMAIN_CHR_TYPE_TCP &&
+ cfg->chardevTLS &&
 !(objAlias = qemuAliasTLSObjFromChardevAlias(tmpChr->info.alias)))
 goto cleanup;
-- 
2.47.2
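Review bot: The new condition in qemuDomainAttachChrDevice has no comment saying why the type test must come before the TLS setup. The reason is not obvious at the call site: per the commit message `dev->data` is a union, so `dev->data.tcp.listen` is only meaningful for a TCP chardev. I would add `/* dev->data is a union: only touch data.tcp for VIR_DOMAIN_CHR_TYPE_TCP */` above the `if`. The function continues outside this hunk; if it tests `cfg->chardevTLS` again later, for example when adding the TLS object or rolling back, those tests presumably need the same guard. `dev` is declared outside the hunk, so I am assuming it is the same source definition the detach hunk reaches as `tmpChr->source`.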
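Review bot: In qemuDomainDetachChrDevice, building `objAlias` still depends on the current `cfg->chardevTLS`, not on whether a TLS object was actually created when this chardev was attached. If that setting can change between attach and detach (not visible here), detach would either leave a TLS credentials object behind in QEMU or try to remove one that was never added. Recording on the chardev at attach time that TLS was set up, and testing that here, would be more robust than re-reading the config. The code that consumes `objAlias` lies outside the hunk and must now tolerate it being NULL for non-TCP chardevs.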