From cdf8379fbddb8c51f35af2934908e80524a3fd6a Mon Sep 17 00:00:00 2001
From: Xu Yandong
Date: Wed, 15 Apr 2020 14:03:07 +0800
Subject: nodedev: fix potential heap use after free

After move device enumumeration into a thread(commit 9f0ae0b18e3), flag driversInitialized no longer represent stateInitialized finished complete, so reference driver->devs before use it to prevent devs freed by virStateCleanup.

Signed-off-by: Xu Yandong
---
 src/node_device/node_device_udev.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
index 8451903..a1391fb 100644
--- a/src/node_device/node_device_udev.c
+++ b/src/node_device/node_device_udev.c
@@ -1261,8 +1261,8 @@ udevSetParent(struct udev_device *device,
 virNodeDeviceDefPtr objdef;
 parent_device = device;
+ virObjectRef(driver->devs);
 do {
-
 parent_device = udev_device_get_parent(parent_device);
 if (parent_device == NULL)
 break;
@@ -1272,6 +1272,7 @@ udevSetParent(struct udev_device *device,
 virReportError(VIR_ERR_INTERNAL_ERROR,
 _("Could not get syspath for parent of '%s'"),
 udev_device_get_syspath(parent_device));
+ virObjectUnref(driver->devs);
 return -1;
 }
@@ -1289,6 +1290,7 @@ udevSetParent(struct udev_device *device,
 if (!def->parent)
 def->parent = g_strdup("computer");
+ virObjectUnref(driver->devs);
 return 0;
 }
--
2.23.0
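Review bot: The three added calls in udevSetParent each re-read `driver->devs`, so the reference taken in the first hunk is not guaranteed to be dropped on the same object in the second and third. The first read is also unsynchronised in the visible lines: if virStateCleanup has already released the list (or, presumably, freed or reset `driver` itself), the `virObjectRef(driver->devs)` call becomes the use after free. Holding the result in a local, `devs = virObjectRef(driver->devs);`, then using `devs` for the lookups and `virObjectUnref(devs);` on both exits, would keep ref and unref paired. Closing the window fully needs that read to happen under whatever lock or state check the cleanup path also honours. The function body starts and continues outside these hunks, so any other return path between them would need the unref as well; a single `cleanup:` label would make that harder to miss.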