qom: In function object_set_link_property(), first call object_ref(), then object_unr...

In the old implementation, if the new value of the property links
to the same object, as the old value, that object is first unref-ed,
and then ref-ed. This leads to unintended deinitialization of that object.

In the new implementation, this is fixed.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Barabash <alexander_barabash@mentor.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

diff --git a/qom/object.c b/qom/object.c
index d858c047052167ca8c955483b2dd217b36eb7613..aa037d299f7fa596c6784965b6c698ef2c2e287e 100644 (file)
--- a/qom/object.c
+++ b/qom/object.c
@@ -892,6 +892,7 @@ static void object_set_link_property(Object *obj, Visitor *v, void *opaque,
                                      const char *name, Error **errp)
 {
     Object **child = opaque;
+    Object *old_target;
     bool ambiguous = false;
     const char *type;
     char *path;
@@ -901,10 +902,8 @@ static void object_set_link_property(Object *obj, Visitor *v, void *opaque,
 
     visit_type_str(v, &path, name, errp);
 
-    if (*child) {
-        object_unref(*child);
-        *child = NULL;
-    }
+    old_target = *child;
+    *child = NULL;
 
     if (strcmp(path, "") != 0) {
         Object *target;
@@ -930,6 +929,10 @@ static void object_set_link_property(Object *obj, Visitor *v, void *opaque,
     }
 
     g_free(path);
+
+    if (old_target != NULL) {
+        object_unref(old_target);
+    }
 }
 
 void object_property_add_link(Object *obj, const char *name,