Revision 7de3abe5

« Previous | Next »

ID	7de3abe505e34398cef5bddf6c4d0bd9ee47007f

Added by Anthony Liguori almost 12 years ago

qdev: fix use-after-free in the error path of qdev_init_nofail

From Markus:

Before:

$ qemu-system-x86_64 -display none -drive if=ide
    qemu-system-x86_64: Device needs media, but drive is empty
    qemu-system-x86_64: Initialization of device ide-hd failed
    [Exit 1 ]

After:

$ qemu-system-x86_64 -display none -drive if=ide
    qemu-system-x86_64: Device needs media, but drive is empty
    Segmentation fault (core dumped)
    [Exit 139 (SIGSEGV)]

This error always existed as qdev_init() frees the object. But QOM
goes a bit further and purposefully sets the class pointer to NULL to
help find use-after-free. It worked :-)

Cc: Andreas Faerber <afaerber@suse.de>
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

Files

added
modified
copied
renamed
deleted

View differences

hw
- qdev.c (diff)

Archipelago » qemu

Revision 7de3abe5

Files