[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 2/6] block/mirror: fix use after free of local_err
From: |
John Snow |
Subject: |
Re: [PATCH 2/6] block/mirror: fix use after free of local_err |
Date: |
Tue, 24 Mar 2020 13:10:40 -0400 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 |
On 3/24/20 11:36 AM, Vladimir Sementsov-Ogievskiy wrote:
> local_err is used again in mirror_exit_common() after
> bdrv_set_backing_hd(), so we must zero it. Otherwise try to set
> non-NULL local_err will crash.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
> ---
> block/mirror.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/block/mirror.c b/block/mirror.c
> index 447051dbc6..6203e5946e 100644
> --- a/block/mirror.c
> +++ b/block/mirror.c
> @@ -678,6 +678,7 @@ static int mirror_exit_common(Job *job)
> bdrv_set_backing_hd(target_bs, backing, &local_err);
> if (local_err) {
> error_report_err(local_err);
> + local_err = NULL;
> ret = -EPERM;
> }
> }
>
Reviewed-by: John Snow <address@hidden>
[PATCH 1/6] scripts/coccinelle: add error-use-after-free.cocci, Vladimir Sementsov-Ogievskiy, 2020/03/24