From patchwork Fri Mar 11 16:37:36 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?=
 <berrange@redhat.com>
X-Patchwork-Id: 8567581
Return-Path: 
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
X-Original-To: patchwork-qemu-devel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id B23859F44D
	for <patchwork-qemu-devel@patchwork.kernel.org>;
	Fri, 11 Mar 2016 16:42:36 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 2E9A320122
	for <patchwork-qemu-devel@patchwork.kernel.org>;
	Fri, 11 Mar 2016 16:42:36 +0000 (UTC)
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 823EF201F5
	for <patchwork-qemu-devel@patchwork.kernel.org>;
	Fri, 11 Mar 2016 16:42:35 +0000 (UTC)
Received: from localhost ([::1]:56404 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>)
	id 1aeQ94-0006Wb-Ri for patchwork-qemu-devel@patchwork.kernel.org;
	Fri, 11 Mar 2016 11:42:34 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53758)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1aeQ4s-0007dt-QZ
	for qemu-devel@nongnu.org; Fri, 11 Mar 2016 11:38:18 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1aeQ4o-0005Gt-UI
	for qemu-devel@nongnu.org; Fri, 11 Mar 2016 11:38:14 -0500
Received: from mx1.redhat.com ([209.132.183.28]:41740)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1aeQ4o-0005Gh-Py
	for qemu-devel@nongnu.org; Fri, 11 Mar 2016 11:38:10 -0500
Received: from int-mx14.intmail.prod.int.phx2.redhat.com
	(int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27])
	by mx1.redhat.com (Postfix) with ESMTPS id 616CD67C2D
	for <qemu-devel@nongnu.org>; Fri, 11 Mar 2016 16:38:10 +0000 (UTC)
Received: from t530wlan.home.berrange.com.com (vpn1-6-25.ams2.redhat.com
	[10.36.6.25])
	by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
	ESMTP id u2BGc5Oc002899; Fri, 11 Mar 2016 11:38:09 -0500
From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Date: Fri, 11 Mar 2016 16:37:36 +0000
Message-Id: <1457714282-6981-3-git-send-email-berrange@redhat.com>
In-Reply-To: <1457714282-6981-1-git-send-email-berrange@redhat.com>
References: <1457714282-6981-1-git-send-email-berrange@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 209.132.183.28
Cc: Amit Shah <amit.shah@redhat.com>,
	"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
	Juan Quintela <quintela@redhat.com>
Subject: [Qemu-devel] [PATCH v4 02/28] io: avoid double-free when closing
	QIOChannelBuffer
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

The QIOChannelBuffer's close implementation will free
the internal data buffer. It failed to reset the pointer
to NULL though, so when the object is later finalized
it will free it a second time with predictable crash.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 io/channel-buffer.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/io/channel-buffer.c b/io/channel-buffer.c
index 3e5117b..43d7959 100644
--- a/io/channel-buffer.c
+++ b/io/channel-buffer.c
@@ -140,6 +140,7 @@ static int qio_channel_buffer_close(QIOChannel *ioc,
     QIOChannelBuffer *bioc = QIO_CHANNEL_BUFFER(ioc);
 
     g_free(bioc->data);
+    bioc->data = NULL;
     bioc->capacity = bioc->usage = bioc->offset = 0;
 
     return 0;