[Qemu-devel] [PULL 02/28] io: avoid double-free when closing QIOChannelB

From: Amit Shah
Subject: [Qemu-devel] [PULL 02/28] io: avoid double-free when closing QIOChannelBuffer
Date: Thu, 26 May 2016 11:41:53 +0530

From: "Daniel P. Berrange" <address@hidden>

The QIOChannelBuffer's close implementation will free
the internal data buffer. It failed to reset the pointer
to NULL though, so when the object is later finalized
it will free it a second time with a predictable crash.

Reviewed-by: Dr. David Alan Gilbert <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>
Reviewed-by: Juan Quintela <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Amit Shah <address@hidden>
 io/channel-buffer.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/io/channel-buffer.c b/io/channel-buffer.c
index 3e5117b..43d7959 100644
--- a/io/channel-buffer.c
+++ b/io/channel-buffer.c
@@ -140,6 +140,7 @@ static int qio_channel_buffer_close(QIOChannel *ioc,
     QIOChannelBuffer *bioc = QIO_CHANNEL_BUFFER(ioc);
+    bioc->data = NULL;
     bioc->capacity = bioc->usage = bioc->offset = 0;
     return 0;
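
Review bot: the added `bioc->data = NULL;` in qio_channel_buffer_close() has no comment explaining that it is needed because finalization frees the same pointer, so a later cleanup could drop it as a redundant store and reintroduce the double free. A one-line comment above it would help, or the free and the reset could be folded into a single step with GLib's `g_clear_pointer(&bioc->data, g_free);` so the two cannot drift apart. The diffstat shows one insertion in io/channel-buffer.c and no test; a case that closes the channel and then drops the last reference would pin this down, ideally under a memory checker. It is also worth confirming that read and write calls arriving after close cope with `data == NULL` alongside the zeroed `capacity`, `usage` and `offset`.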
