[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH] aio-epoll: Fix use-after-free of node
From: |
Fam Zheng |
Subject: |
[Qemu-devel] [PATCH] aio-epoll: Fix use-after-free of node |
Date: |
Mon, 16 Nov 2015 14:32:14 +0800 |
aio_epoll_update needs the fields in node, so delay the free.
Reported-by: Paolo Bonzini <address@hidden>
Signed-off-by: Fam Zheng <address@hidden>
---
aio-posix.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/aio-posix.c b/aio-posix.c
index 06148a9..482b316 100644
--- a/aio-posix.c
+++ b/aio-posix.c
@@ -210,6 +210,7 @@ void aio_set_fd_handler(AioContext *ctx,
{
AioHandler *node;
bool is_new = false;
+ bool deleted = false;
node = find_aio_handler(ctx, fd);
@@ -228,7 +229,7 @@ void aio_set_fd_handler(AioContext *ctx,
* releasing the walking_handlers lock.
*/
QLIST_REMOVE(node, node);
- g_free(node);
+ deleted = true;
}
}
} else {
@@ -253,6 +254,9 @@ void aio_set_fd_handler(AioContext *ctx,
aio_epoll_update(ctx, node, is_new);
aio_notify(ctx);
+ if (deleted) {
+ g_free(node);
+ }
}
void aio_set_event_notifier(AioContext *ctx,
--
2.4.3
- [Qemu-devel] [PATCH] aio-epoll: Fix use-after-free of node,
Fam Zheng <=