Mimic the fix done in 02b9097274d1330c2e1dca7f598880e09b5c2aa0 to fix crash by accessing an already freed structure. Also copy the explaining comment why the pointer can't be accessed any more. --- src/qemu/qemu_driver.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 96bf235..552a81b 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -6073,14 +6073,17 @@ qemuDomainChangeDiskMediaLive(virDomainObjPtr vm, goto end; ret = qemuDomainChangeEjectableMedia(driver, vm, disk, orig_disk, force); + /* 'disk' must not be accessed now - it has been freed. + * 'orig_disk' now points to the new disk, while 'dev_copy' + * now points to the old disk */ + + /* Need to remove the shared disk entry for the original + * disk src if the operation is either ejecting or updating. + */ if (ret == 0) { dev->data.disk = NULL; - /* Need to remove the shared disk entry for the original - * disk src if the operation is either ejecting or updating. - */ - if (orig_disk->src && STRNEQ_NULLABLE(orig_disk->src, disk->src)) - ignore_value(qemuRemoveSharedDisk(driver, dev_copy->data.disk, - vm->def->name)); + ignore_value(qemuRemoveSharedDisk(driver, dev_copy->data.disk, + vm->def->name)); } break; default: -- 1.8.1.5