From 0a562de1ff92fae432415ce12e9848483ebcfa38 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Mon, 25 Feb 2013 18:44:20 +0100
Subject: [PATCH] qemu: fix use-after-free when parsing NBD disk

disk->src is still used for disks->hosts->name, do not free it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
---
 src/qemu/qemu_command.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 4f426e59a4..f8f3ade994 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -8832,12 +8832,11 @@ virDomainDefPtr qemuParseCommandLine(virCapsPtr qemuCaps,
                     if (VIR_ALLOC(disk->hosts) < 0)
                         goto no_memory;
                     disk->nhosts = 1;
-                    disk->hosts->name = host;
+                    disk->hosts->name = disk->src;
+                    disk->src = NULL;
                     disk->hosts->port = strdup(port);
                     if (!disk->hosts->port)
                         goto no_memory;
-                    VIR_FREE(disk->src);
-                    disk->src = NULL;
                     break;
                 case VIR_DOMAIN_DISK_PROTOCOL_RBD:
                     /* old-style CEPH_ARGS env variable is parsed later */
-- 
2.39.5