[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-block] [PATCH] block: Fix use after free error in bdrv_open_in
From: |
Kevin Wolf |
Subject: |
Re: [Qemu-block] [PATCH] block: Fix use after free error in bdrv_open_inherit() |
Date: |
Mon, 10 Sep 2018 10:34:20 +0200 |
User-agent: |
Mutt/1.9.1 (2017-09-22) |
Am 06.09.2018 um 16:25 hat Alberto Garcia geschrieben:
> When a block device is opened with BDRV_O_SNAPSHOT and the
> bdrv_append_temp_snapshot() call fails then the error code path tries
> to unref the already destroyed 'options' QDict.
>
> This can be reproduced easily by setting TMPDIR to a location where
> the QEMU process can't write:
>
> $ TMPDIR=/nonexistent $QEMU -drive driver=null-co,snapshot=on
>
> Signed-off-by: Alberto Garcia <address@hidden>
Thanks, applied to the block branch.
But can we add the reproducer to some iotests case?
Kevin