[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL for-2.5 5/7] aio-epoll: Fix use-after-free of node
From: |
Stefan Hajnoczi |
Subject: |
[Qemu-devel] [PULL for-2.5 5/7] aio-epoll: Fix use-after-free of node |
Date: |
Tue, 17 Nov 2015 19:17:26 +0800 |
From: Fam Zheng <address@hidden>
aio_epoll_update needs the fields in node, so delay the free.
Reported-by: Paolo Bonzini <address@hidden>
Signed-off-by: Fam Zheng <address@hidden>
Message-id: address@hidden
Signed-off-by: Stefan Hajnoczi <address@hidden>
---
aio-posix.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/aio-posix.c b/aio-posix.c
index 06148a9..482b316 100644
--- a/aio-posix.c
+++ b/aio-posix.c
@@ -210,6 +210,7 @@ void aio_set_fd_handler(AioContext *ctx,
{
AioHandler *node;
bool is_new = false;
+ bool deleted = false;
node = find_aio_handler(ctx, fd);
@@ -228,7 +229,7 @@ void aio_set_fd_handler(AioContext *ctx,
* releasing the walking_handlers lock.
*/
QLIST_REMOVE(node, node);
- g_free(node);
+ deleted = true;
}
}
} else {
@@ -253,6 +254,9 @@ void aio_set_fd_handler(AioContext *ctx,
aio_epoll_update(ctx, node, is_new);
aio_notify(ctx);
+ if (deleted) {
+ g_free(node);
+ }
}
void aio_set_event_notifier(AioContext *ctx,
--
2.5.0
- [Qemu-devel] [PULL for-2.5 0/7] Block patches, Stefan Hajnoczi, 2015/11/17
- [Qemu-devel] [PULL for-2.5 1/7] docs: update bitmaps.md, Stefan Hajnoczi, 2015/11/17
- [Qemu-devel] [PULL for-2.5 2/7] tests: Ignore recent test binaries, Stefan Hajnoczi, 2015/11/17
- [Qemu-devel] [PULL for-2.5 3/7] tpm: avoid clang shifting negative signed warning, Stefan Hajnoczi, 2015/11/17
- [Qemu-devel] [PULL for-2.5 4/7] disas/arm: avoid clang shifting negative signed warning, Stefan Hajnoczi, 2015/11/17
- [Qemu-devel] [PULL for-2.5 5/7] aio-epoll: Fix use-after-free of node,
Stefan Hajnoczi <=
- [Qemu-devel] [PULL for-2.5 6/7] block: make 'stats-interval' an array of ints instead of a string, Stefan Hajnoczi, 2015/11/17
- [Qemu-devel] [PULL for-2.5 7/7] virtio-blk: Fix double completion for werror=stop, Stefan Hajnoczi, 2015/11/17
- Re: [Qemu-devel] [PULL for-2.5 0/7] Block patches, Peter Maydell, 2015/11/17