[libvirt] virStream double unref in virChrdevOpen()

Eric Blake eblake at redhat.com
Fri May 24 21:27:50 UTC 2013


On 05/18/2013 02:22 AM, Sergey Fionov wrote:
> Hello,
> 
> There is a double unref in virChrdevOpen() (src/conf/virchrdev.c) when an error occurs.
> 
>     if (virStreamRef(st) < 0) {
>         virMutexUnlock(&devs->lock);
>         return -1;
>     }

Thanks again for the report.  I didn't see a reply to this email; so for
closure, I'll point out that it was fixed:

commit a32b41746c4e1a44fb998a93da99c72f6586b359
Author: Ján Tomko <jtomko at redhat.com>
Date:   Wed May 22 12:56:23 2013 +0200

    conf: fix use after free in virChrdevOpen

    Don't free the stream on error if we've successfully added it
    to the hash table, since it will be freed by virChrdevHashEntryFree
    callback.

    Preserve the error message before calling virStreamFree, since it
    resets the error.

    Introduced by 4716138, crashing since 6921892.

    Reported by Sergey Fionov on libvir-list.


-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
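
The ownership rule from the commit message above, as an added example that is not part of the original post or of libvirt's code: a simplified C model in which `obj_t`, `table_t`, `open_dev` and the `buggy` flag are hypothetical names. A "free" is only counted here, so the double release can be observed without real undefined behaviour.

```c
#include <stdio.h>

/* Toy refcounted object standing in for a stream (hypothetical, not virStream).
 * A "free" is only counted, so the double release is observable safely. */
typedef struct { int refs; int frees; } obj_t;

static void obj_ref(obj_t *o)   { o->refs++; }
static void obj_unref(obj_t *o) { if (--o->refs <= 0) o->frees++; }

/* One-slot table that owns one reference to its entry. */
typedef struct { obj_t *entry; } table_t;

static int table_add(table_t *t, obj_t *o)
{
    if (t->entry) return -1;
    t->entry = o;
    return 0;
}

/* Removal runs the entry's free callback, which drops the table's reference. */
static void table_remove(table_t *t)
{
    if (t->entry) { obj_unref(t->entry); t->entry = NULL; }
}

static int open_dev(table_t *t, obj_t *o, int fail_late, int buggy)
{
    obj_ref(o);                       /* reference destined for the table */
    if (table_add(t, o) < 0) {
        obj_unref(o);                 /* table never took ownership */
        return -1;
    }
    if (fail_late) {
        table_remove(t);              /* callback releases the reference once */
        if (buggy) obj_unref(o);      /* pre-fix pattern: released a second time */
        return -1;
    }
    return 0;
}

/* Caller holds one reference, open fails late, caller drops its reference.
 * Returns how many times the object was "freed"; 1 is correct. */
static int frees_after_failed_open(int buggy)
{
    obj_t o = { 1, 0 };
    table_t t = { 0 };
    open_dev(&t, &o, 1, buggy);
    obj_unref(&o);
    return o.frees;
}

int main(void)
{
    printf("fixed: %d free(s), buggy: %d free(s)\n",
           frees_after_failed_open(0), frees_after_failed_open(1));
    return 0;
}
```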
