[Qemu-devel] [PULL 24/25] qdev: Fix use after free in qdev_init_nofail error path
From: Paolo Bonzini
Subject: [Qemu-devel] [PULL 24/25] qdev: Fix use after free in qdev_init_nofail error path
Date: Tue, 2 Aug 2016 21:39:34 +0200
From: Fam Zheng <address@hidden>
Since 69382d8b (qdev: Fix object reference leak in case device.realize()
fails), object_property_set_bool could release the object. The error
path wants the type name, so hold a reference before realizing it.
Cc: Igor Mammedov <address@hidden>
Signed-off-by: Fam Zheng <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: John Snow <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
---
hw/core/qdev.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index ee4a083..5783442 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -354,12 +354,14 @@ void qdev_init_nofail(DeviceState *dev)
assert(!dev->realized);
+ object_ref(OBJECT(dev));
object_property_set_bool(OBJECT(dev), true, "realized", &err);
if (err) {
error_reportf_err(err, "Initialization of device %s failed: ",
object_get_typename(OBJECT(dev)));
exit(1);
}
+ object_unref(OBJECT(dev));
}
void qdev_machine_creation_done(void)
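Review bot: the ref/unref pair around object_property_set_bool() looks pointless to a reader who has not seen the commit message, so the reason belongs in a comment at the `+ object_ref(OBJECT(dev));` line, e.g. `/* realize may drop the last reference on failure; keep dev alive for the error message below */`. The same comment should say that the error path deliberately does not unref because exit(1) ends the process, so the extra reference is only balanced by the `+ object_unref(OBJECT(dev));` on the success path.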
--
2.7.4
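As an added illustration of the hazard the commit message describes (constructed example, not QEMU code): a miniature reference-counted object whose realize step drops the caller's reference on failure. The caller that reads the type name afterwards touches a dead object, while the caller that holds its own reference across the call, as the patch does, still has a live object to report on. The last unref clears a `live` flag instead of calling free() so the stale access is observable rather than undefined behaviour.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed miniature of a QOM-style refcounted object (not QEMU code). */
typedef struct Obj {
    int ref;
    int live;               /* cleared on last unref instead of free() */
    const char *typename;
} Obj;

static Obj *obj_new(const char *typename)
{
    Obj *o = calloc(1, sizeof(*o));
    o->ref = 1;
    o->live = 1;
    o->typename = typename;
    return o;
}

static void obj_ref(Obj *o)   { o->ref++; }
static void obj_unref(Obj *o) { if (--o->ref == 0) { o->live = 0; } }

/* Models a realize() that fails and, like the behaviour the commit
 * message attributes to 69382d8b, releases the reference it was handed. */
static int realize_fails(Obj *o)
{
    obj_unref(o);
    return -1;
}

/* Before the fix: reads the type name after realize may have released
 * the object. Returns NULL when that read would be a use after free. */
static const char *init_before_fix(Obj *o)
{
    if (realize_fails(o) < 0) {
        return o->live ? o->typename : NULL;
    }
    return o->typename;
}

/* After the fix: hold our own reference across realize, as the patch does. */
static const char *init_after_fix(Obj *o)
{
    const char *name = NULL;
    obj_ref(o);
    if (realize_fails(o) < 0) {
        name = o->live ? o->typename : NULL;   /* object is still live */
    }
    obj_unref(o);   /* the real error path exit(1)s instead of unref'ing */
    return name;
}
```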