From ee67069c73cb91e3762cc63587d2a14d9a7253af Mon Sep 17 00:00:00 2001
From: John Ferlan <jferlan@redhat.com>
Date: Thu, 25 Feb 2016 15:47:56 -0500
Subject: [PATCH] storage: Fix error path in storagePoolDefineXML

Found by inspection - after calling virStoragePoolObjAssignDef the
pool is part of the driver->pools.objs list and the failure path
for the virStoragePoolObjSaveDef will use virStoragePoolObjRemove
to remove the pool from the objs list which will unlock and free
the pool pointer (as pools->objs[i] during the loop). Since the call
doesn't clear the pool address from the callee, we need to set it
to NULL; otherwise, the virStoragePoolObjUnlock in the cleanup: code
will fail miserably.
---
 src/storage/storage_driver.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
index e0ded01619..1d96618b16 100644
--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
@@ -784,6 +784,7 @@ storagePoolDefineXML(virConnectPtr conn,
     if (virStoragePoolObjSaveDef(driver, pool, def) < 0) {
         virStoragePoolObjRemove(&driver->pools, pool);
         def = NULL;
+        pool = NULL;
         goto cleanup;
     }
     def = NULL;
-- 
2.39.5