[Qemu-devel] PATCH: Avoid SEGV in IOHandler dispatch

From: Daniel P. Berrange
Subject: [Qemu-devel] PATCH: Avoid SEGV in IOHandler dispatch
Date: Mon, 13 Aug 2007 20:06:41 +0100
User-agent: Mutt/1.4.1i

The code in main_loop_wait() which handles dispatching of IOHandlers only
checks the 'deleted' flag once per iteration. If a handler was registered
for both read & write events initially, and the read callback removes the
handler, then the write callback will be set to NULL. If select() reported
that there was a write event pending as well, then this will lead to QEMU
crashing when trying to invoke the NULL write callback. A similar problem
occurs if the handler was registered for read+write, and the read handler
updates it to only select for read in the future - the write callback will
be set to NULL. The attached patch adds necessary checks to protect against
this problem.

   Signed-off-by: Daniel P. Berrange <address@hidden>

|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

Attachment: iohandler-delete.patch
Description: Text document
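
The hazard described in the message, as an added illustration that is not part of the original post and is not QEMU's code: a simplified dispatch step that re-reads the handler state after the read callback has run. The `Handler` struct and every function name here are hypothetical, and select() readiness is simulated by two flags.

```c
#include <stddef.h>

typedef void IOFunc(void *opaque);
typedef struct {              /* simplified stand-in for a handler record */
    IOFunc *fd_read, *fd_write;
    void *opaque;
    int deleted;
} Handler;

static int write_calls;       /* counts write callbacks that actually ran */

/* Re-registration: both NULL removes the handler, NULL write = read-only. */
static void set_handler(Handler *h, IOFunc *rd, IOFunc *wr)
{
    h->fd_read = rd;
    h->fd_write = wr;
    h->deleted = (rd == NULL && wr == NULL);
}

static void on_write(void *opaque) { (void)opaque; write_calls++; }
static void on_read_keep(void *opaque) { (void)opaque; }
static void on_read_remove(void *opaque) { set_handler(opaque, NULL, NULL); }
static void on_read_readonly(void *opaque) { set_handler(opaque, on_read_keep, NULL); }

/* Dispatch one handler for the events reported as pending.
 * Returns the number of callbacks invoked. */
static int dispatch(Handler *h, int readable, int writable)
{
    int ran = 0;
    if (readable && !h->deleted && h->fd_read) {
        h->fd_read(h->opaque);
        ran++;
    }
    /* The read callback may have removed or changed the handler: re-check. */
    if (writable && !h->deleted && h->fd_write) {
        h->fd_write(h->opaque);
        ran++;
    }
    return ran;
}

/* Constructed scenario: registered for read+write, both events pending. */
static int run_case(IOFunc *rd)
{
    Handler h = { rd, on_write, NULL, 0 };
    h.opaque = &h;
    write_calls = 0;
    return dispatch(&h, 1, 1);
}

int main(void) { return run_case(on_read_remove) == 1 && write_calls == 0 ? 0 : 1; }
```

Without the second `!h->deleted && h->fd_write` test, the `on_read_remove` and `on_read_readonly` cases would call through a NULL function pointer.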
