[Qemu-devel] [PATCH] usb-redir: fix use-after-free

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH] usb-redir: fix use-after-free

From:	Gerd Hoffmann
Subject:	[Qemu-devel] [PATCH] usb-redir: fix use-after-free
Date:	Wed, 31 Jul 2013 11:21:51 +0200

Reinitialize dev->cs to NULL after deleting it, to make sure it isn't
used afterwards.

Reported-by: Martin Cerveny <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
---
 hw/usb/redirect.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 8b8c010..e3b9f32 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -1334,6 +1334,7 @@ static void usbredir_handle_destroy(USBDevice *udev)
     USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
 
     qemu_chr_delete(dev->cs);
+    dev->cs = NULL;
     /* Note must be done after qemu_chr_close, as that causes a close event */
     qemu_bh_delete(dev->chardev_close_bh);
 
-- 
1.7.9.7

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] usb-redir: fix use-after-free, Gerd Hoffmann <=
- Re: [Qemu-devel] [PATCH] usb-redir: fix use-after-free, Laszlo Ersek, 2013/07/31

Prev by Date: Re: [Qemu-devel] [PATCH] hw/usb/redirect.c: crash in QOM cleanup
Next by Date: Re: [Qemu-devel] [PATCH v5 0/9] Make 'dump-guest-memory' dump in kdump-compressed format
Previous by thread: [Qemu-devel] [PATCH] xhci: fix segfault
Next by thread: Re: [Qemu-devel] [PATCH] usb-redir: fix use-after-free
Index(es):
- Date
- Thread