[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] block/block-copy: fix use-after-free of task pointer
From: |
Vladimir Sementsov-Ogievskiy |
Subject: |
[PATCH] block/block-copy: fix use-after-free of task pointer |
Date: |
Thu, 7 May 2020 21:38:00 +0300 |
Obviously, we should g_free the task after trace point and offset
update.
Reported-by: Coverity
Fixes: 4ce5dd3e9b5ee0fac18625860eb3727399ee965e
Signed-off-by: Vladimir Sementsov-Ogievskiy <address@hidden>
---
Be free to add Coverity number to the commit message, I don't know it.
block/block-copy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/block-copy.c b/block/block-copy.c
index 03500680f7..4713c8f2a3 100644
--- a/block/block-copy.c
+++ b/block/block-copy.c
@@ -591,13 +591,13 @@ static int coroutine_fn
block_copy_dirty_clusters(BlockCopyState *s,
}
if (s->skip_unallocated && !(ret & BDRV_BLOCK_ALLOCATED)) {
block_copy_task_end(task, 0);
- g_free(task);
progress_set_remaining(s->progress,
bdrv_get_dirty_count(s->copy_bitmap) +
s->in_flight_bytes);
trace_block_copy_skip_range(s, task->offset, task->bytes);
offset = task_end(task);
bytes = end - offset;
+ g_free(task);
continue;
}
task->zeroes = ret & BDRV_BLOCK_ZERO;
--
2.21.0
- [PATCH] block/block-copy: fix use-after-free of task pointer,
Vladimir Sementsov-Ogievskiy <=