From c70aca8e3aa358b5451d5b0d45bf6802ceb9ad94 Mon Sep 17 00:00:00 2001
Message-Id: <c70aca8e3aa358b5451d5b0d45bf6802ceb9ad94@dist-git>
From: Martin Kletzander <mkletzan@redhat.com>
Date: Thu, 10 Nov 2016 10:16:58 +0100
Subject: [PATCH] qemu: Fix double free when live-attaching shmem
https://bugzilla.redhat.com/show_bug.cgi?id=1392031
Function qemuDomainAttachShmemDevice() steals the device data if the
hotplug was successful, but the condition checked for unsuccessful
execution otherwise.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit cca34e38fd32dbafa2c647f41a7dfb30d1e2e0a9)
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
---
src/qemu/qemu_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 9b4d54b..1e02a7f 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -7522,7 +7522,7 @@ qemuDomainAttachDeviceLive(virDomainObjPtr vm,
case VIR_DOMAIN_DEVICE_SHMEM:
ret = qemuDomainAttachShmemDevice(driver, vm,
dev->data.shmem);
- if (ret < 0) {
+ if (!ret) {
alias = dev->data.shmem->info.alias;
dev->data.shmem = NULL;
}
--
2.10.2