From 9d90578bf516e3feae9841d70be7212ea622a754 Mon Sep 17 00:00:00 2001
From: Etienne Buira <etienne@etbui.net>
Date: Tue, 1 Jul 2014 09:47:15 +0200
Subject: [PATCH 2/2] do_delvm: nullify err after free

In case of errorS in a row, error_propagate (called by
bdrv_snapshot_delete_by_id_or_name) left msg pointer to (freed) space.
This pointer was then used to print a string, and freed again.
---
 savevm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/savevm.c b/savevm.c
index 71bba79..0c183a6 100644
--- a/savevm.c
+++ b/savevm.c
@@ -1130,6 +1130,7 @@ void do_delvm(Monitor *mon, const QDict *qdict)
                                bdrv_get_device_name(bs1),
                                error_get_pretty(err));
                 error_free(err);
+                err = NULL;
             }
         }
     }
-- 
1.8.5.5