[Qemu-devel] [PATCH] Fix crash after char device read returns 0

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH] Fix crash after char device read returns 0

From:	Ed Swierk
Subject:	[Qemu-devel] [PATCH] Fix crash after char device read returns 0
Date:	Wed, 14 Feb 2007 10:11:00 -0800

qemu 0.9.0 on Linux crashes with SIGSEGV after read() on a char device
returns 0, which occurs if the char device is a fifo and the writer
closes the file.

In this case, fd_chr_read() and stdio_read() react by removing the IO
handler and freeing it. Unfortunately main_loop_wait() is unprepared
to deal with this (as the comment "XXX: better handling of removal"
suggests) and attempts to access the freed handler.

Even if main_loop_wait() were improved, it is not correct to remove
the IO handler just because read() returns 0: if the char device is a
fifo, a process may well reopen the fifo for writing at a later point.

The attached patch is a naive fix; feedback is welcome.

--Ed

qemu-chr-read-zero.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] Fix crash after char device read returns 0, Ed Swierk <=

Prev by Date: RE: [Qemu-devel] USB storage cannot be recognized on guest Linux domain?
Next by Date: [Qemu-devel] ARM post-decrement fix
Previous by thread: [Qemu-devel] libusb-win32-filter-bin-0.1.10.2.exe - please check your system if you used this!
Next by thread: [Qemu-devel] ARM post-decrement fix
Index(es):
- Date
- Thread