[Qemu-devel] [PATCH 19/21] virtio-blk: Fix use after free in error case
From: Luiz Capitulino
Subject: [Qemu-devel] [PATCH 19/21] virtio-blk: Fix use after free in error case
Date: Mon, 5 Apr 2010 17:34:00 -0300
From: Kevin Wolf <address@hidden>
virtio_blk_req_complete frees the request, so we can't access it any more when
calling bdrv_mon_event. Use the pointer that was copied earlier.
Signed-off-by: Kevin Wolf <address@hidden>
Signed-off-by: Luiz Capitulino <address@hidden>
---
hw/virtio-blk.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/hw/virtio-blk.c b/hw/virtio-blk.c
index 9915840..01d77b8 100644
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@@ -65,7 +65,7 @@ static int virtio_blk_handle_rw_error(VirtIOBlockReq *req,
int error,
VirtIOBlock *s = req->dev;
if (action == BLOCK_ERR_IGNORE) {
- bdrv_mon_event(req->dev->bs, BDRV_ACTION_IGNORE, is_read);
+ bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
return 0;
}
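Review bot: in the BLOCK_ERR_IGNORE branch nothing visible frees req before bdrv_mon_event runs, so this line is a consistency change rather than part of the use-after-free fix the commit message describes. The message should say that, so anyone backporting knows only the path that follows virtio_blk_req_complete is affected. Using s->bs here is fine, since s is assigned from req->dev at the top of the function.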
@@ -73,11 +73,11 @@ static int virtio_blk_handle_rw_error(VirtIOBlockReq *req,
int error,
|| action == BLOCK_ERR_STOP_ANY) {
req->next = s->rq;
s->rq = req;
- bdrv_mon_event(req->dev->bs, BDRV_ACTION_STOP, is_read);
+ bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
vm_stop(0);
} else {
virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR);
- bdrv_mon_event(req->dev->bs, BDRV_ACTION_REPORT, is_read);
+ bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
}
return 1;
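Review bot: the else branch still leaves req in scope as a dangling pointer after virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR), and nothing in the code says so. Add a short comment above that call stating that req must not be dereferenced afterwards, or, if the event ordering allows it, call bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read) before completing the request, so a later edit cannot reintroduce the access. In the STOP branch req is queued on s->rq rather than completed, so the switch to s->bs there is for consistency only.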
--
1.7.0.4.297.g6555b1