[Qemu-devel] block-vmdk.c:vmdk_close() use-after-free
From: Ed Maste
Subject: [Qemu-devel] block-vmdk.c:vmdk_close() use-after-free
Date: Wed, 21 May 2008 15:41:58 -0400
User-agent: Mutt/1.4.2.1i
I ran into a segfault running qemu-img on FreeBSD (with malloc debugging
on by default). It's reproducible by running
qemu-img convert -O vmdk /dev/null x.vmdk
It turns out to be a use-after-free in block-vmdk.c:vmdk_close(). I
think the following patch should fix it:
Index: block-vmdk.c
===================================================================
--- block-vmdk.c (revision 4519)
+++ block-vmdk.c (working copy)
@@ -808,9 +808,9 @@
qemu_free(s->l1_table);
qemu_free(s->l2_cache);
- bdrv_delete(s->hd);
// try to close parent image, if exist
vmdk_parent_close(s->hd);
+ bdrv_delete(s->hd);
}
static void vmdk_flush(BlockDriverState *bs)
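Review bot: the reordering is correct, but the moved bdrv_delete(s->hd) line deserves a one-line comment stating that s->hd must remain valid until vmdk_parent_close(s->hd) returns. As the hunk shows, the old code freed s->hd and then passed the freed pointer into vmdk_parent_close, which is the use-after-free; nothing in the new text records that ordering dependency, so a later cleanup of vmdk_close could reintroduce it. Minor: the existing comment reads better as "// try to close parent image, if it exists".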
Regards,
Ed