nwfilter: Fix double free of pointer

https://bugzilla.redhat.com/show_bug.cgi?id=1071181

Commit 49b59a15 fixed one problem but masks another one related to pointer
freeing.

Avoid putting of the virNWFilterSnoopReq once the thread has been started.
It belongs to the thread and the thread will call virNWFilterSnoopReqPut() on it.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
index d2a806211c901740ad5065d4218c1f27d1bf5103..340760471c5fcc0ec208d901460bfeb79e99d9d4 100644 (file)
--- a/src/nwfilter/nwfilter_dhcpsnoop.c
+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
@@ -1605,6 +1605,7 @@ virNWFilterDHCPSnoopReq(virNWFilterTechDriverPtr techdriver,
     int tmp;
     virThread thread;
     virNWFilterVarValuePtr dhcpsrvrs;
+    bool threadPuts = false;
 
     virNWFilterSnoopIFKeyFMT(ifkey, vmuuid, macaddr);
 
@@ -1698,6 +1699,8 @@ virNWFilterDHCPSnoopReq(virNWFilterTechDriverPtr techdriver,
         goto exit_snoopreq_unlock;
     }
 
+    threadPuts = true;
+
     virAtomicIntInc(&virNWFilterSnoopState.nThreads);
 
     req->threadkey = virNWFilterSnoopActivate(req);
@@ -1737,7 +1740,8 @@ exit_rem_ifnametokey:
 exit_snoopunlock:
     virNWFilterSnoopUnlock();
 exit_snoopreqput:
-    virNWFilterSnoopReqPut(req);
+    if (!threadPuts)
+        virNWFilterSnoopReqPut(req);
 
     return -1;
 }