Re: [Qemu-devel] [PATCH 2/4] monitor: fix access freed memory
From: Alex Bennée
Subject: Re: [Qemu-devel] [PATCH 2/4] monitor: fix access freed memory
Date: Mon, 04 Aug 2014 10:01:09 +0100
zhanghailiang writes:
> The function monitor_fdset_dup_fd_find_remove() references a member of
> 'mon_fdset'
> which may be freed in function monitor_fdset_cleanup().
>
> Signed-off-by: zhanghailiang <address@hidden>
> ---
> monitor.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/monitor.c b/monitor.c
> index 5bc70a6..41e46a6 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -2532,8 +2532,10 @@ static int monitor_fdset_dup_fd_find_remove(int
> dup_fd, bool remove)
> {
> MonFdset *mon_fdset;
> MonFdsetFd *mon_fdset_fd_dup;
> + int64_t id = -1;
>
> QLIST_FOREACH(mon_fdset, &mon_fdsets, next) {
> + id = mon_fdset->id;
> QLIST_FOREACH(mon_fdset_fd_dup, &mon_fdset->dup_fds, next) {
> if (mon_fdset_fd_dup->fd == dup_fd) {
> if (remove) {
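Review bot: the `id = mon_fdset->id;` copy at the top of every outer QLIST_FOREACH iteration is wider than it needs to be; the cached value is only consumed on the one path where `mon_fdset` may already have been freed by `monitor_fdset_cleanup(mon_fdset)`, so taking the copy inside the `if (mon_fdset_fd_dup->fd == dup_fd)` branch, just before the `if (remove)` block, would make the intent (save the id before the set can go away) obvious to the next reader. The `int64_t id = -1;` initialiser is then purely defensive, since `id` is always assigned before the `return id;` that uses it; a one-line comment saying why the copy exists would be worth more than the sentinel.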
> @@ -2542,7 +2544,7 @@ static int monitor_fdset_dup_fd_find_remove(int dup_fd,
> bool remove)
> monitor_fdset_cleanup(mon_fdset);
> }
> }
> - return mon_fdset->id;
> + return id;
> }
> }
> }
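Review bot: returning the cached `id` instead of `mon_fdset->id` closes the use-after-free on this path, because the line above it, `monitor_fdset_cleanup(mon_fdset);`, can free `mon_fdset` when `remove` is set and the set becomes empty; after that call nothing in the function may dereference `mon_fdset` again. The return directly follows the cleanup, so no other access remains in this hunk, but a comment at the return (e.g. `/* mon_fdset may have been freed by monitor_fdset_cleanup() */`) would keep a future edit from reintroducing the dereference, and the commit message should state that the freed access was reachable only on the `remove` path so the severity is clear.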
If monitor_fdset_cleanup closes the FD won't you now be passing an
invalid fd to the calling function?
--
Alex Bennée