[Qemu-devel] [PULL 21/50] char: remove use-after-free on win-stdio

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PULL 21/50] char: remove use-after-free on win-stdio

From:	Paolo Bonzini
Subject:	[Qemu-devel] [PULL 21/50] char: remove use-after-free on win-stdio
Date:	Mon, 24 Oct 2016 15:47:06 +0200

From: Marc-André Lureau <address@hidden>

Found by reviewing the code, win_stdio_close() is called by
qemu_chr_free() which then call qemu_chr_free_common() taking care of
freeing CharDriverState*.

Signed-off-by: Marc-André Lureau <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
---
 qemu-char.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/qemu-char.c b/qemu-char.c
index d83a896..9165051 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -2435,7 +2435,6 @@ static void win_stdio_close(CharDriverState *chr)
     }
 
     g_free(chr->opaque);
-    g_free(chr);
 }
 
 static CharDriverState *qemu_chr_open_stdio(const char *id,
-- 
1.8.3.1

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PULL 11/50] test-i386: fix bitrot for 64-bit, (continued)
- [Qemu-devel] [PULL 11/50] test-i386: fix bitrot for 64-bit, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 09/50] atomic: base mb_read/mb_set on load-acquire and store-release, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 10/50] qht-bench: relax test_start/stop atomic accesses, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 13/50] tcg: try sti when moving a constant into a dead memory temp, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 14/50] memory: eliminate global MemoryListeners, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 17/50] memory: optimize memory_region_sync_dirty_bitmap, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 15/50] memory: add a per-AddressSpace list of listeners, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 20/50] rng: remove unused included header, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 16/50] memory: optimize memory_global_dirty_log_sync, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 19/50] char.h: misc doc fix, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 21/50] char: remove use-after-free on win-stdio, Paolo Bonzini <=
- [Qemu-devel] [PULL 18/50] char: serial: check divider value against baud base, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 22/50] ringbuf: fix chr_write return value, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 23/50] sun4uv: fix serial initialization regression, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 28/50] char: introduce CharBackend, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 24/50] malta: replace chr init by CHR_EVENT_OPENED handler, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 25/50] char: remove init callback, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 26/50] xilinx: fix buffer overflow on realize, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 27/50] mux: split mux_chr_update_read_handler(), Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 29/50] char: start converting mux driver to use CharBackend, Paolo Bonzini, 2016/10/24
- [Qemu-devel] [PULL 33/50] colo: claim in find_and_check_chardev, Paolo Bonzini, 2016/10/24

Prev by Date: [Qemu-devel] [PULL 19/50] char.h: misc doc fix
Next by Date: [Qemu-devel] [PULL 18/50] char: serial: check divider value against baud base
Previous by thread: [Qemu-devel] [PULL 19/50] char.h: misc doc fix
Next by thread: [Qemu-devel] [PULL 18/50] char: serial: check divider value against baud base
Index(es):
- Date
- Thread