qemu: fix use-after-free regression

Commit baade4d fixed a memory leak on failure, but in the process, introduced a use-after-free on success, which can be triggered with: 1. set bandwidth with --live 2. query bandwidth 3. set bandwidth with --live * src/qemu/qemu_driver.c (qemuDomainSetInterfaceParameters): Don't free newBandwidth on success. Reported by Hu Tao.

qemu: fix use-after-free regression
Commit baade4d fixed a memory leak on failure, but in the process, introduced a use-after-free on success, which can be triggered with: 1. set bandwidth with --live 2. query bandwidth 3. set bandwidth with --live * src/qemu/qemu_driver.c (qemuDomainSetInterfaceParameters): Don't free newBandwidth on success. Reported by Hu Tao.
820a2159 · Eric Blake · 302fe95f · 820a2159
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

src/qemu/qemu_driver.c src/qemu/qemu_driver.c +1 -0

未找到文件。
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -8034,6 +8034,7 @@ qemuDomainSetInterfaceParameters(virDomainPtr dom,
        virNetDevBandwidthFree(net->bandwidth);
        net->bandwidth = newBandwidth;
+        newBandwidth = NULL;
    }
    if (flags & VIR_DOMAIN_AFFECT_CONFIG) {
        if (!persistentNet->bandwidth) {