From: "Daniel P. Berrange"
To: qemu-devel@nongnu.org
Cc: Amit Shah, "Dr. David Alan Gilbert", Juan Quintela
Date: Wed, 27 Apr 2016 11:04:52 +0100
Message-Id: <1461751518-12128-3-git-send-email-berrange@redhat.com>
In-Reply-To: <1461751518-12128-1-git-send-email-berrange@redhat.com>
Subject: [Qemu-devel] [PATCH v6 for-2.7 02/28] io: avoid double-free when closing QIOChannelBuffer

The QIOChannelBuffer's close implementation will free
the internal data buffer. It failed to reset the pointer
to NULL though, so when the object is later finalized
it will free it a second time with predictable crash.

Reviewed-by: Dr. David Alan Gilbert
Signed-off-by: Daniel P. Berrange
Reviewed-by: Juan Quintela
---
 io/channel-buffer.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/io/channel-buffer.c b/io/channel-buffer.c
index 3e5117b..43d7959 100644
--- a/io/channel-buffer.c
+++ b/io/channel-buffer.c
@@ -140,6 +140,7 @@ static int qio_channel_buffer_close(QIOChannel *ioc, QIOChannelBuffer *bioc = QIO_CHANNEL_BUFFER(ioc); g_free(bioc->data); + bioc->data = NULL; bioc->capacity = bioc->usage = bioc->offset = 0; return 0;
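
Review bot: the separate g_free(bioc->data) and bioc->data = NULL statements in qio_channel_buffer_close() could be written as a single g_clear_pointer(&bioc->data, g_free), provided the minimum GLib version the tree supports has it (2.34 or later), so that a later edit cannot separate the free from the reset and reintroduce the dangling pointer. The fix relies on g_free(NULL) being a no-op in the finalizer, which is not part of this hunk; a short comment at the reset saying that finalize frees the same field would make that dependency visible to the next reader. A unit test that closes a QIOChannelBuffer and then drops its last reference would also be worth adding with this change, since nothing in the patch exercises the close-then-finalize path that the commit message describes.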