[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 01/10] block/mirror: fix use after free of local_err
From: |
Max Reitz |
Subject: |
[PULL 01/10] block/mirror: fix use after free of local_err |
Date: |
Thu, 26 Mar 2020 15:29:24 +0100 |
From: Vladimir Sementsov-Ogievskiy <address@hidden>
local_err is used again in mirror_exit_common() after
bdrv_set_backing_hd(), so we must zero it. Otherwise try to set
non-NULL local_err will crash.
Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Reviewed-by: John Snow <address@hidden>
Signed-off-by: Max Reitz <address@hidden>
---
block/mirror.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/block/mirror.c b/block/mirror.c
index 447051dbc6..6203e5946e 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -678,6 +678,7 @@ static int mirror_exit_common(Job *job)
bdrv_set_backing_hd(target_bs, backing, &local_err);
if (local_err) {
error_report_err(local_err);
+ local_err = NULL;
ret = -EPERM;
}
}
--
2.25.1
- [PULL 00/10] Block patches for 5.0-rc1, Max Reitz, 2020/03/26
- [PULL 01/10] block/mirror: fix use after free of local_err,
Max Reitz <=
- [PULL 02/10] block: pass BlockDriver reference to the .bdrv_co_create, Max Reitz, 2020/03/26
- [PULL 03/10] block: trickle down the fallback image creation function use to the block drivers, Max Reitz, 2020/03/26
- [PULL 04/10] qcow2: Comment typo fixes, Max Reitz, 2020/03/26
- [PULL 05/10] qcow2: List autoclear bit names in header, Max Reitz, 2020/03/26
- [PULL 07/10] sheepdog: Consistently set bdrv_has_zero_init_truncate, Max Reitz, 2020/03/26
- [PULL 06/10] qcow2: Avoid feature name extension on small cluster size, Max Reitz, 2020/03/26
- [PULL 08/10] qemu-img: Fix check's leak/corruption fix report, Max Reitz, 2020/03/26
- [PULL 09/10] iotests: Add poke_file_[bl]e functions, Max Reitz, 2020/03/26
- [PULL 10/10] iotests/138: Test leaks/corruptions fixed report, Max Reitz, 2020/03/26
- Re: [PULL 00/10] Block patches for 5.0-rc1, Peter Maydell, 2020/03/26