From c70aca8e3aa358b5451d5b0d45bf6802ceb9ad94 Mon Sep 17 00:00:00 2001
Message-Id: <c70aca8e3aa358b5451d5b0d45bf6802ceb9ad94@dist-git>
From: Martin Kletzander <mkletzan@redhat.com>
Date: Thu, 10 Nov 2016 10:16:58 +0100
Subject: [PATCH] qemu: Fix double free when live-attaching shmem

https://bugzilla.redhat.com/show_bug.cgi?id=1392031

Function qemuDomainAttachShmemDevice() steals the device data if the
hotplug was successful, but the condition checked for unsuccessful
execution otherwise.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit cca34e38fd32dbafa2c647f41a7dfb30d1e2e0a9)
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
 src/qemu/qemu_driver.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 9b4d54b..1e02a7f 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -7522,7 +7522,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm,
     case VIR_DOMAIN_DEVICE_SHMEM:
         ret = qemuDomainAttachShmemDevice(driver, vm,
                                           dev->data.shmem);
-        if (ret < 0) {
+        if (!ret) {
             alias = dev->data.shmem->info.alias;
             dev->data.shmem = NULL;
         }
-- 
2.10.2