[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 6/6] qga/commands-posix: fix use after free of local_err
From: |
Vladimir Sementsov-Ogievskiy |
Subject: |
[PATCH 6/6] qga/commands-posix: fix use after free of local_err |
Date: |
Tue, 24 Mar 2020 18:36:30 +0300 |
local_err is used several times in guest_suspend(). Setting non-NULL
local_err will crash, so let's zero it after freeing. Also fix possible
leak of local_err in final if().
Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
---
qga/commands-posix.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index 93474ff770..cc69b82704 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -1773,6 +1773,7 @@ static void guest_suspend(SuspendMode mode, Error **errp)
}
error_free(local_err);
+ local_err = NULL;
if (pmutils_supports_mode(mode, &local_err)) {
mode_supported = true;
@@ -1784,6 +1785,7 @@ static void guest_suspend(SuspendMode mode, Error **errp)
}
error_free(local_err);
+ local_err = NULL;
if (linux_sys_state_supports_mode(mode, &local_err)) {
mode_supported = true;
@@ -1791,6 +1793,7 @@ static void guest_suspend(SuspendMode mode, Error **errp)
}
if (!mode_supported) {
+ error_free(local_err);
error_setg(errp,
"the requested suspend mode is not supported by the guest");
} else {
--
2.21.0
[PATCH 4/6] migration/colo: fix use after free of local_err, Vladimir Sementsov-Ogievskiy, 2020/03/24
[PATCH 3/6] dump/win_dump: fix use after free of err, Vladimir Sementsov-Ogievskiy, 2020/03/24
[PATCH 5/6] migration/ram: fix use after free of local_err, Vladimir Sementsov-Ogievskiy, 2020/03/24
[PATCH 6/6] qga/commands-posix: fix use after free of local_err,
Vladimir Sementsov-Ogievskiy <=
Re: [PATCH 6/6] qga/commands-posix: fix use after free of local_err, Markus Armbruster, 2020/03/31
Re: [PATCH for-5.0 0/6] Several error use-after-free, Richard Henderson, 2020/03/24