storage: Fix error path in storagePoolDefineXML

Found by inspection - after calling virStoragePoolObjAssignDef the
pool is part of the driver->pools.objs list and the failure path
for the virStoragePoolObjSaveDef will use virStoragePoolObjRemove
to remove the pool from the objs list which will unlock and free
the pool pointer (as pools->objs[i] during the loop). Since the call
doesn't clear the pool address from the callee, we need to set it
to NULL; otherwise, the virStoragePoolObjUnlock in the cleanup: code
will fail miserably.

diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
index e0ded0161994930a7483930516ca6aaf9a0595ad..1d96618b161d10b0f24f138c75b20ab64cc8f870 100644 (file)
--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
@@ -784,6 +784,7 @@ storagePoolDefineXML(virConnectPtr conn,
     if (virStoragePoolObjSaveDef(driver, pool, def) < 0) {
         virStoragePoolObjRemove(&driver->pools, pool);
         def = NULL;
+        pool = NULL;
         goto cleanup;
     }
     def = NULL;