proxmox-mirrors/qemu
1
0
Fork 0
mirror of https://git.proxmox.com/git/qemu synced 2025-08-08 10:44:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

virtio-blk: Fix use after free in error case

Browse Source 
virtio_blk_req_complete frees the request, so we can't access it any more when
calling bdrv_mon_event. Use the pointer that was copied earlier.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
This commit is contained in:
Kevin Wolf 2010-03-31 17:46:59 +02:00 committed by Aurelien Jarno
parent 5369e3c0b8
commit 908bb9497b
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
hw/virtio-blk.c
View File

@ -65,7 +65,7 @@ static int virtio_blk_handle_rw_error(VirtIOBlockReq *req, int error,
VirtIOBlock *s = req->dev; VirtIOBlock *s = req->dev;
if (action == BLOCK_ERR_IGNORE) { if (action == BLOCK_ERR_IGNORE) {
bdrv_mon_event(req->dev->bs, BDRV_ACTION_IGNORE, is_read); bdrv_mon_event(s->bs, BDRV_ACTION_IGNORE, is_read);
return 0; return 0;
} }
@ -73,11 +73,11 @@ static int virtio_blk_handle_rw_error(VirtIOBlockReq *req, int error,
|| action == BLOCK_ERR_STOP_ANY) { || action == BLOCK_ERR_STOP_ANY) {
req->next = s->rq; req->next = s->rq;
s->rq = req; s->rq = req;
bdrv_mon_event(req->dev->bs, BDRV_ACTION_STOP, is_read); bdrv_mon_event(s->bs, BDRV_ACTION_STOP, is_read);
vm_stop(0); vm_stop(0);
} else { } else {
virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR); virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR);
bdrv_mon_event(req->dev->bs, BDRV_ACTION_REPORT, is_read); bdrv_mon_event(s->bs, BDRV_ACTION_REPORT, is_read);
} }
return 1; return 1;