Found by inspection - after calling virStoragePoolObjAssignDef the
pool is part of the driver->pools.objs list and the failure path
for the virStoragePoolObjSaveDef will use virStoragePoolObjRemove
to remove the pool from the objs list which will unlock and free
the pool pointer (as pools->objs[i] during the loop). Since the call
doesn't clear the pool address from the callee, we need to set it
to NULL; otherwise, the virStoragePoolObjUnlock in the cleanup: code
will fail miserably.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/storage/storage_driver.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
index e0ded01..1d96618 100644
--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
@@ -784,6 +784,7 @@ storagePoolDefineXML(virConnectPtr conn,
if (virStoragePoolObjSaveDef(driver, pool, def) < 0) {
virStoragePoolObjRemove(&driver->pools, pool);
def = NULL;
+ pool = NULL;
goto cleanup;
}
def = NULL;
--
2.5.0