Message ID | 20200316060631.30052-1-vsementsov@virtuozzo.com (mailing list archive) |
---|---|
Series | zero pointer after bdrv_unref_child |

On 16.03.20 07:06, Vladimir Sementsov-Ogievskiy wrote:
> Hi all!
>
> I faced use-after-free of bs->backing pointer after bdrv_unref_child in
> bdrv_set_backing_hd.
>
> Fix it, and do similar thing for s->data_file in qcow2.c.
>
> I'm not sure that this is the full fix. Is it safe to keep bs->backing
> during bdrv_unref_child itself? Is it safe to keep bs->backing during
> all-child-unref loop in bdrv_close?
>
>
> Vladimir Sementsov-Ogievskiy (2):
>   block: bdrv_set_backing_bs: fix use-after-free
>   block/qcow2: zero data_file child after free

Thanks, applied to my block branch:

https://git.xanclic.moe/XanClic/qemu/commits/branch/block

Max