From 2a702717ceb9d0a97bfe82e826b33a767a9c1d22 Mon Sep 17 00:00:00 2001
From: Peter Krempa
Date: Tue, 2 Apr 2013 23:15:00 +0200
Subject: [PATCH] qemu: Fix crash when updating media with shared device

Mimic the fix done in 02b9097274d1330c2e1dca7f598880e09b5c2aa0 to fix crash by accessing an already freed structure. Also copy the explaining comment why the pointer can't be accessed any more.

(cherry picked from commit 43b6f304bce5937f1e3a852b20b52a772b39b95f)
---
 src/qemu/qemu_driver.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 96bf23503b..552a81b22e 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -6073,14 +6073,17 @@ qemuDomainChangeDiskMediaLive(virDomainObjPtr vm,
 goto end;
 ret = qemuDomainChangeEjectableMedia(driver, vm, disk, orig_disk, force);
+ /* 'disk' must not be accessed now - it has been freed.
+ * 'orig_disk' now points to the new disk, while 'dev_copy'
+ * now points to the old disk */
+
+ /* Need to remove the shared disk entry for the original
+ * disk src if the operation is either ejecting or updating.
+ */
 if (ret == 0) {
 dev->data.disk = NULL;
- /* Need to remove the shared disk entry for the original
- * disk src if the operation is either ejecting or updating.
- */
- if (orig_disk->src && STRNEQ_NULLABLE(orig_disk->src, disk->src))
- ignore_value(qemuRemoveSharedDisk(driver, dev_copy->data.disk,
- vm->def->name));
+ ignore_value(qemuRemoveSharedDisk(driver, dev_copy->data.disk,
+ vm->def->name));
 }
 break;
 default:
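Review bot: The added comment states without qualification that 'disk' has been freed, yet it sits above `if (ret == 0)` and only the success branch clears `dev->data.disk`, so the ownership rule on the failure path is left unstated. qemuDomainChangeEjectableMedia() is not visible in this hunk; if it frees 'disk' only on success, the comment should say so, e.g. `/* On success 'disk' has been freed and must not be accessed; on failure the caller still owns it. */`. If it can also free on failure, `dev->data.disk` is left dangling for whoever cleans up `dev`. Separately, `ignore_value(qemuRemoveSharedDisk(...))` discards a failed removal, which would leave a stale shared-disk entry for the old media with no trace; a `VIR_WARN` naming the domain would make that diagnosable. The function body continues outside the hunk on both sides.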