Message ID | 1457714282-6981-3-git-send-email-berrange@redhat.com (mailing list archive) |
---|---|
State | New, archived |
* Daniel P. Berrange (berrange@redhat.com) wrote: > The QIOChannelBuffer's close implementation will free > the internal data buffer. It failed to reset the pointer > to NULL though, so when the object is later finalized > it will free it a second time with predictable crash. > > Signed-off-by: Daniel P. Berrange <berrange@redhat.com> > --- > io/channel-buffer.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/io/channel-buffer.c b/io/channel-buffer.c > index 3e5117b..43d7959 100644 > --- a/io/channel-buffer.c > +++ b/io/channel-buffer.c > @@ -140,6 +140,7 @@ static int qio_channel_buffer_close(QIOChannel *ioc, > QIOChannelBuffer *bioc = QIO_CHANNEL_BUFFER(ioc); > > g_free(bioc->data); > + bioc->data = NULL; > bioc->capacity = bioc->usage = bioc->offset = 0; Would it be better to call qui_channel_buffer_finalize(bioc) here, and put the data = NULL in there? (You could split this out of the series since it could go in any time?) Dave > > return 0; > -- > 2.5.0 > -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
diff --git a/io/channel-buffer.c b/io/channel-buffer.c index 3e5117b..43d7959 100644 --- a/io/channel-buffer.c +++ b/io/channel-buffer.c @@ -140,6 +140,7 @@ static int qio_channel_buffer_close(QIOChannel *ioc, QIOChannelBuffer *bioc = QIO_CHANNEL_BUFFER(ioc); g_free(bioc->data); + bioc->data = NULL; bioc->capacity = bioc->usage = bioc->offset = 0; return 0;
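Review bot: The added `bioc->data = NULL;` in qio_channel_buffer_close has no comment tying it to the later free at finalize, so a future cleanup could drop it as a redundant store and bring the double free back. A one-line comment next to the reset, saying that the finalizer frees this pointer again and depends on it being NULL after close, would make the invariant explicit. The fix also assumes the finalizer releases the buffer with g_free, which ignores NULL; the finalizer is not part of this hunk, so that is worth confirming in review. The commit message describes the crash but not the sequence that triggers it (close followed by finalize), and stating that would help anyone judging whether the fix needs backporting.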
The QIOChannelBuffer's close implementation will free the internal data buffer. It failed to reset the pointer to NULL though, so when the object is later finalized it will free it a second time with predictable crash. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- io/channel-buffer.c | 1 + 1 file changed, 1 insertion(+)