[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 75/97] pr-manager: Fix invalid g_free() crash bug
From: |
Michael Roth |
Subject: |
[PATCH 75/97] pr-manager: Fix invalid g_free() crash bug |
Date: |
Tue, 1 Oct 2019 18:45:54 -0500 |
From: Markus Armbruster <address@hidden>
pr_manager_worker() passes its @opaque argument to g_free(). Wrong;
it points to pr_manager_worker()'s automatic @data. Broken when
commit 2f3a7ab39be converted @data from heap- to stack-allocated. Fix
by deleting the g_free().
Fixes: 2f3a7ab39bec4ba8022dc4d42ea641165b004e3e
Cc: address@hidden
Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Acked-by: Paolo Bonzini <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
(cherry picked from commit 6b9d62c2a9e83bbad73fb61406f0ff69b46ff6f3)
Signed-off-by: Michael Roth <address@hidden>
---
scsi/pr-manager.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/scsi/pr-manager.c b/scsi/pr-manager.c
index d9f4e8c3ad..227bdfaad2 100644
--- a/scsi/pr-manager.c
+++ b/scsi/pr-manager.c
@@ -38,7 +38,6 @@ static int pr_manager_worker(void *opaque)
int fd = data->fd;
int r;
- g_free(data);
trace_pr_manager_run(fd, hdr->cmdp[0], hdr->cmdp[1]);
/* The reference was taken in pr_manager_execute. */
--
2.17.1
- [PATCH 92/97] curl: Check curl_multi_add_handle()'s return code, (continued)
- [PATCH 92/97] curl: Check curl_multi_add_handle()'s return code, Michael Roth, 2019/10/01
- [PATCH 10/97] spapr/xive: fix EQ page addresses above 64GB, Michael Roth, 2019/10/01
- [PATCH 06/97] block: Fix AioContext switch for bs->drv == NULL, Michael Roth, 2019/10/01
- [PATCH 96/97] hw/core/loader: Fix possible crash in rom_copy(), Michael Roth, 2019/10/01
- [PATCH 93/97] slirp: Fix heap overflow in ip_reass on big packet input, Michael Roth, 2019/10/01
- [PATCH 95/97] s390: PCI: fix IOMMU region init, Michael Roth, 2019/10/01
- [PATCH 63/97] backup: Copy only dirty areas, Michael Roth, 2019/10/01
- [PATCH 08/97] Makefile: add nit-picky mode to sphinx-build, Michael Roth, 2019/10/01
- [PATCH 97/97] scsi: lsi: exit infinite loop while executing script (CVE-2019-12068), Michael Roth, 2019/10/01
- [PATCH 74/97] xen-bus: Fix backend state transition on device reset, Michael Roth, 2019/10/01
- [PATCH 75/97] pr-manager: Fix invalid g_free() crash bug,
Michael Roth <=
- [PATCH 94/97] slirp: ip_reass: Fix use after free, Michael Roth, 2019/10/01
- [PATCH 09/97] docs/interop/bitmaps: rewrite and modernize doc, Michael Roth, 2019/10/01
- [PATCH 23/97] iotests: add iotest 256 for testing blockdev-backup across iothread contexts, Michael Roth, 2019/10/01
- [PATCH 91/97] curl: Handle success in multi_check_completion, Michael Roth, 2019/10/01
- [PATCH 19/97] iotests.py: do not use infinite waits, Michael Roth, 2019/10/01
- Re: [PATCH 00/97] Patch Round-up for stable 4.0.1, freeze on 2019-10-10, Thomas Huth, 2019/10/02
- Re: [PATCH 00/97] Patch Round-up for stable 4.0.1, freeze on 2019-10-10, Philippe Mathieu-Daudé, 2019/10/03
- Re: [PATCH 00/97] Patch Round-up for stable 4.0.1, freeze on 2019-10-10, Alexandr Iarygin, 2019/10/07
- Re: [PATCH 00/97] Patch Round-up for stable 4.0.1, freeze on 2019-10-10, Philippe Mathieu-Daudé, 2019/10/08