[Qemu-ppc] [PULL 17/18] spapr_events: use QTAILQ_FOREACH_SAFE() in spapr
From: David Gibson
Subject: [Qemu-ppc] [PULL 17/18] spapr_events: use QTAILQ_FOREACH_SAFE() in spapr_clear_pending_events()
Date: Fri, 15 Sep 2017 13:51:29 +1000
From: Greg Kurz <address@hidden>
QTAILQ_FOREACH_SAFE() must be used when removing the current element
inside the loop block.
This fixes a use-after-free error introduced by commit 56258174238eb
and reported by Coverity (CID 1381017).
Signed-off-by: Greg Kurz <address@hidden>
Signed-off-by: David Gibson <address@hidden>
---
hw/ppc/spapr_events.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index 66b8164f30..e377fc7dde 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -702,9 +702,9 @@ static void event_scan(PowerPCCPU *cpu, sPAPRMachineState
*spapr,
void spapr_clear_pending_events(sPAPRMachineState *spapr)
{
- sPAPREventLogEntry *entry = NULL;
+ sPAPREventLogEntry *entry = NULL, *next_entry;
- QTAILQ_FOREACH(entry, &spapr->pending_events, next) {
+ QTAILQ_FOREACH_SAFE(entry, &spapr->pending_events, next, next_entry) {
QTAILQ_REMOVE(&spapr->pending_events, entry, next);
g_free(entry->extended_log);
g_free(entry);
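Review bot: on the changed declaration line, `entry` keeps its `= NULL` initializer while the new `next_entry` has none. Both variables are assigned by QTAILQ_FOREACH_SAFE() before the loop body first reads them, so the initializer on `entry` is dead and could be dropped to keep the two declarations consistent. The substance of the fix holds up against the visible lines: the body calls QTAILQ_REMOVE() and then g_free(entry), so the plain QTAILQ_FOREACH() had to read the link field of freed memory to advance, whereas the safe variant takes the successor into `next_entry` before the body runs. A one-line comment above the loop saying that entries are freed inside it would help prevent a later cleanup from switching back to the non-safe macro.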
--
2.13.5
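The rule stated in the commit message, as an added example that is not code from this patch or from QEMU. `DEMO_FOREACH`, `DEMO_FOREACH_SAFE`, `Entry`, `EntryList`, `list_push` and `clear_pending` are hypothetical, simplified singly linked stand-ins for the QTAILQ machinery, kept to the same loop shape so the difference in when the successor is read is visible.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical simplified list; not QEMU's real QTAILQ types. */
typedef struct Entry {
    char *extended_log;
    struct Entry *next;
} Entry;
typedef struct { Entry *first; } EntryList;

/* Plain form: the step expression reads var->next AFTER the body ran. */
#define DEMO_FOREACH(var, head) \
    for ((var) = (head)->first; (var); (var) = (var)->next)

/* Safe form: the successor is cached in next_var BEFORE the body runs. */
#define DEMO_FOREACH_SAFE(var, head, next_var) \
    for ((var) = (head)->first; \
         (var) && ((next_var) = (var)->next, 1); \
         (var) = (next_var))

static void list_push(EntryList *l, const char *log)
{
    Entry *e = malloc(sizeof(*e));
    e->extended_log = malloc(strlen(log) + 1);  /* constructed payload */
    strcpy(e->extended_log, log);
    e->next = l->first;
    l->first = e;
}

/* Unlink and free every entry; returns how many were freed. */
static int clear_pending(EntryList *l)
{
    Entry *entry, *next_entry;
    int freed = 0;
    /* With DEMO_FOREACH here, the step would load entry->next from the
     * chunk just passed to free(): the use-after-free being fixed. */
    DEMO_FOREACH_SAFE(entry, l, next_entry) {
        l->first = next_entry;      /* unlink the current head */
        free(entry->extended_log);
        free(entry);
        freed++;
    }
    return freed;
}

int main(void)
{
    EntryList l = { NULL };
    list_push(&l, "log-1"); list_push(&l, "log-2"); list_push(&l, "log-3");
    return (clear_pending(&l) == 3 && l.first == NULL) ? 0 : 1;
}
```

Building the plain-macro variant with AddressSanitizer (`-fsanitize=address`) reports the stale read at the loop step, which is the same class of defect Coverity flagged here.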