qemu: fix use-after-free when parsing NBD disk

disk->src is still used for disks->hosts->name, do not free it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 4f426e59a48b4446dad9839f6f8748245118f57d..f8f3ade99459bbafd89b0aaafcb4cc2ffe9a473d 100644 (file)
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -8832,12 +8832,11 @@ virDomainDefPtr qemuParseCommandLine(virCapsPtr qemuCaps,
                     if (VIR_ALLOC(disk->hosts) < 0)
                         goto no_memory;
                     disk->nhosts = 1;
-                    disk->hosts->name = host;
+                    disk->hosts->name = disk->src;
+                    disk->src = NULL;
                     disk->hosts->port = strdup(port);
                     if (!disk->hosts->port)
                         goto no_memory;
-                    VIR_FREE(disk->src);
-                    disk->src = NULL;
                     break;
                 case VIR_DOMAIN_DISK_PROTOCOL_RBD:
                     /* old-style CEPH_ARGS env variable is parsed later */