network: Set to NULL after virNetworkDefFree()

which frees all allocated memory but doesn't set the passed pointer to
NULL.  Therefore, we must do it ourselves. This is causing actual
libvirtd crash: Basically, when doing 'virsh net-edit' the newDef should
be dropped.  And the memory is freed, indeed. However, the pointer is
not set to NULL but kept instead. And the next duo of calls 'virsh
net-start' and 'virsh net-destroy' starts the disaster. The latter one
does the same as 'virsh destroy'; it sees that newDef is nonNULL so it
replaces def with newDef (which has been freed already as said a few
lines above). Therefore any subsequent call accessing def will hit the ground.

diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index 891d48c3d76078c541471cbed8259b9247cb91d1..0f7470dfa6d0b1f5f5876ab467f567549ba0e3c1 100644 (file)
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -260,8 +260,9 @@ virNetworkObjAssignDef(virNetworkObjPtr network,
             return -1;
         }
     } else if (!live) {
-        virNetworkDefFree(network->newDef); /* should be unnecessary */
+        virNetworkDefFree(network->newDef);
         virNetworkDefFree(network->def);
+        network->newDef = NULL;
         network->def = def;
     } else {
         virReportError(VIR_ERR_OPERATION_INVALID,