qemu-block
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-block] [PATCH] block: Fix use after free error in bdrv_open_in


From: Alberto Garcia
Subject: Re: [Qemu-block] [PATCH] block: Fix use after free error in bdrv_open_inherit()
Date: Mon, 10 Sep 2018 11:34:35 +0200
User-agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1 (i586-pc-linux-gnu)

On Mon 10 Sep 2018 10:34:20 AM CEST, Kevin Wolf <address@hidden> wrote:
> Am 06.09.2018 um 16:25 hat Alberto Garcia geschrieben:
>> When a block device is opened with BDRV_O_SNAPSHOT and the
>> bdrv_append_temp_snapshot() call fails then the error code path tries
>> to unref the already destroyed 'options' QDict.
>> 
>> This can be reproduced easily by setting TMPDIR to a location where
>> the QEMU process can't write:
>> 
>>    $ TMPDIR=/nonexistent $QEMU -drive driver=null-co,snapshot=on
>> 
>> Signed-off-by: Alberto Garcia <address@hidden>
>
> Thanks, applied to the block branch.
>
> But can we add the reproducer to some iotests case?

Yup, I just sent it.

Berto



reply via email to

[Prev in Thread] Current Thread [Next in Thread]