[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] f151f8: migration/ram.c: Fix use-after-free i
|
From: |
Peter Maydell |
|
Subject: |
[Qemu-commits] [qemu/qemu] f151f8: migration/ram.c: Fix use-after-free in multifd_rec... |
|
Date: |
Tue, 09 Apr 2019 19:47:10 +0000 (UTC) |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: f151f8aca5cf5da24f6eb743a55a2233091ae532
https://github.com/qemu/qemu/commit/f151f8aca5cf5da24f6eb743a55a2233091ae532
Author: Peter Maydell <address@hidden>
Date: 2019-04-09 (Tue, 09 Apr 2019)
Changed paths:
M migration/ram.c
Log Message:
-----------
migration/ram.c: Fix use-after-free in multifd_recv_unfill_packet()
Coverity points out (CID 1400442) that in this code:
if (packet->pages_alloc > p->pages->allocated) {
multifd_pages_clear(p->pages);
multifd_pages_init(packet->pages_alloc);
}
we free p->pages in multifd_pages_clear() but continue to
use it in the following code. We also leak memory, because
multifd_pages_init() returns the pointer to a new MultiFDPages_t
struct but we are ignoring its return value.
Fix both of these bugs by adding the missing assignment of
the newly created struct to p->pages.
Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Juan Quintela <address@hidden>
Message-id: address@hidden
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] f151f8: migration/ram.c: Fix use-after-free in multifd_rec...,
Peter Maydell <=