[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-stable] [PATCH] block: Fix use after free error in bdrv_open_i
From: |
Alberto Garcia |
Subject: |
Re: [Qemu-stable] [PATCH] block: Fix use after free error in bdrv_open_inherit() |
Date: |
Mon, 10 Sep 2018 11:34:35 +0200 |
User-agent: |
Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1 (i586-pc-linux-gnu) |
On Mon 10 Sep 2018 10:34:20 AM CEST, Kevin Wolf <address@hidden> wrote:
> Am 06.09.2018 um 16:25 hat Alberto Garcia geschrieben:
>> When a block device is opened with BDRV_O_SNAPSHOT and the
>> bdrv_append_temp_snapshot() call fails then the error code path tries
>> to unref the already destroyed 'options' QDict.
>>
>> This can be reproduced easily by setting TMPDIR to a location where
>> the QEMU process can't write:
>>
>> $ TMPDIR=/nonexistent $QEMU -drive driver=null-co,snapshot=on
>>
>> Signed-off-by: Alberto Garcia <address@hidden>
>
> Thanks, applied to the block branch.
>
> But can we add the reproducer to some iotests case?
Yup, I just sent it.
Berto