[Qemu-stable] [PATCH 66/67] msmouse: Fix segfault caused by free the chr before chardev cleanup.
From: Michael Roth
Subject: [Qemu-stable] [PATCH 66/67] msmouse: Fix segfault caused by free the chr before chardev cleanup.
Date: Wed, 14 Dec 2016 18:45:00 -0600
From: Lin Ma <address@hidden>
Segfault happens when leaving qemu with msmouse backend:
#0 0x00007fa8526ac975 in raise () at /lib64/libc.so.6
#1 0x00007fa8526add8a in abort () at /lib64/libc.so.6
#2 0x0000558be78846ab in error_exit (err=16, msg=0x558be799da10 ...
#3 0x0000558be7884717 in qemu_mutex_destroy (mutex=0x558be93be750) at ...
#4 0x0000558be7549951 in qemu_chr_free_common (chr=0x558be93be750) at ...
#5 0x0000558be754999c in qemu_chr_free (chr=0x558be93be750) at ...
#6 0x0000558be7549a20 in qemu_chr_delete (chr=0x558be93be750) at ...
#7 0x0000558be754a8ef in qemu_chr_cleanup () at qemu-char.c:4643
#8 0x0000558be755843e in main (argc=5, argv=0x7ffe925d7118, ...
The chr was freed by the msmouse close callback before chardev cleanup,
then qemu_mutex_destroy triggered raise().
Because freeing chr is handled by qemu_chr_free_common, remove the free from
msmouse_chr_close to avoid a double free.
Fixes: c1111a24a3358ecd2f17be7c8b117cfe8bc5e5f8
Cc: address@hidden
Signed-off-by: Lin Ma <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
(cherry picked from commit 9e14037f05e99ca3b8a33d8be9a2a636bbf09326)
Signed-off-by: Michael Roth <address@hidden>
---
backends/msmouse.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/backends/msmouse.c b/backends/msmouse.c
index aceb6dc..85d08f7 100644
--- a/backends/msmouse.c
+++ b/backends/msmouse.c
@@ -139,7 +139,6 @@ static void msmouse_chr_close (struct CharDriverState *chr)
qemu_input_handler_unregister(mouse->hs);
g_free(mouse);
- g_free(chr);
}
static QemuInputHandler msmouse_handler = {
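Review bot: the callback still carries no note that `chr` is owned and freed by the caller; add a one-line comment above the remaining `g_free(mouse);` in msmouse_chr_close saying so, because the only reason `g_free(chr)` was wrong is that qemu_chr_free_common (frame #4 in the backtrace quoted in the commit message) still uses chr after the close callback returns, calling qemu_mutex_destroy on it, and nothing left in the hunk records that contract for the next person who touches this function.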
--
1.9.1