qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] softmmu/qdev-monitor: fix use-after-free in qdev_set_id()

From: Michael S. Tsirkin
Subject: Re: [PATCH] softmmu/qdev-monitor: fix use-after-free in qdev_set_id()
Date: Tue, 2 Nov 2021 13:07:04 -0400 
On Tue, Nov 02, 2021 at 04:33:42PM +0000, Stefan Hajnoczi wrote:
> Reported by Coverity (CID 1465222).
> 
> Fixes: 4a1d937796de0fecd8b22d7dbebf87f38e8282fd ("softmmu/qdev-monitor: add 
> error handling in qdev_set_id")
> Cc: Damien Hedde <damien.hedde@greensocs.com>
> Cc: Kevin Wolf <kwolf@redhat.com>
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

Ouch.

Reviewed-by: Michael S. Tsirkin <mst@redhat.com>

> ---
>  softmmu/qdev-monitor.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c
> index 4851de51a5..06f86a1a96 100644
> --- a/softmmu/qdev-monitor.c
> +++ b/softmmu/qdev-monitor.c
> @@ -581,8 +581,8 @@ const char *qdev_set_id(DeviceState *dev, char *id, Error 
> **errp)
>          if (prop) {
>              dev->id = id;
>          } else {
> -            g_free(id);
>              error_setg(errp, "Duplicate device ID '%s'", id);
> +            g_free(id);
>              return NULL;
>          }
>      } else {
> -- 
> 2.31.1
reply via email to
[Prev in Thread] Current Thread [Next in Thread]