From 1cbe145af6e59574945cf43ad9bed7d4d6961fbf Mon Sep 17 00:00:00 2001
From: Xu Yandong
Date: Wed, 25 Dec 2019 10:37:54 +0800
Subject: [PATCH] qemu: Don't leak domain def when RevertToSnapshot fails
Once we copy the domain definition from virDomainSnapshotDef, we either need to assign it to the domain object or free it to avoid memory leaks.
Signed-off-by: Jiri Denemark
Reviewed-by: Pavel Hrdina
(cherry-picked from commit 33c05f8b446f859d7b72780e584b941705470fea)
Signed-off-by: Xu Yandong
---
 src/qemu/qemu_driver.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 296f27e..7ff7d92 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -16204,6 +16204,7 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
 virCPUDefPtr origCPU = NULL;
 unsigned int start_flags = VIR_QEMU_PROCESS_START_GEN_VMID;
 qemuDomainAsyncJob jobType = QEMU_ASYNC_JOB_START;
+ bool defined = false;
 virCheckFlags(VIR_DOMAIN_SNAPSHOT_REVERT_RUNNING |
 VIR_DOMAIN_SNAPSHOT_REVERT_PAUSED |
@@ -16414,13 +16415,18 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
 virDomainObjAssignDef(vm, config, false, NULL);
 virCPUDefFree(priv->origCPU);
 VIR_STEAL_PTR(priv->origCPU, origCPU);
+ config = NULL;
+ defined = true;
 }
 } else {
 /* Transitions 2, 3 */
 load:
 was_stopped = true;
- if (config)
+ if (config) {
 virDomainObjAssignDef(vm, config, false, NULL);
+ config = NULL;
+ defined = true;
+ }
 /* No cookie means libvirt which saved the domain was too old to
 * mess up the CPU definitions.
@@ -16506,8 +16512,11 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
 qemuProcessEndJob(driver, vm);
 goto cleanup;
 }
- if (config)
+ if (config) {
 virDomainObjAssignDef(vm, config, false, NULL);
+ config = NULL;
+ defined = true;
+ }
 if (flags & (VIR_DOMAIN_SNAPSHOT_REVERT_RUNNING |
 VIR_DOMAIN_SNAPSHOT_REVERT_PAUSED)) {
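Review bot: The three hand-off sites (two in the `@@ -16414` hunk, one in the `@@ -16506` hunk) each repeat `virDomainObjAssignDef(...)`, `config = NULL;`, `defined = true;` without a comment saying that the domain object owns the definition from that point on. Because the last hunk frees `config` in the cleanup path, losing the `config = NULL;` at any one of these sites would presumably turn into a double free of a definition that `vm` still references, so the invariant is worth stating at each site: `/* vm owns config from here on; clear it so cleanup does not free it again */`. The flag added in the first hunk would also read better with `/* true once the snapshot's def has been assigned to vm */` at its declaration. The first site sits inside a block whose opening condition lies outside the hunk, so any other assign sites in the function cannot be checked from here.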
@@ -16575,7 +16584,7 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
 } else if (snap) {
 virDomainSnapshotSetCurrent(vm->snapshots, NULL);
 }
- if (ret == 0 && config && vm->persistent &&
+ if (ret == 0 && defined && vm->persistent &&
 !(ret = virDomainSaveConfig(cfg->configDir, driver->caps,
 vm->newDef ? vm->newDef : vm->def))) {
 detail = VIR_DOMAIN_EVENT_DEFINED_FROM_SNAPSHOT;
@@ -16591,6 +16600,7 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot,
 virObjectUnref(cfg);
 virNWFilterUnlockFilterUpdates();
 virCPUDefFree(origCPU);
+ virDomainDefFree(config);
 return ret;
 }
--
2.21.0
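Review bot: The unconditional `virDomainDefFree(config);` added to the cleanup path is reached by every early `goto cleanup`, including any taken before the definition is copied, so it relies on `config` being initialised to NULL at its declaration; that declaration is outside these hunks and should be confirmed against the full function. A short comment at the call would record why the free is safe: `/* still set only if the copied def was never assigned to vm */`. The function body starts well before this hunk, so the early exits themselves are not visible here.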