[libvirt] [PATCH] rpc : fix a access for null pointer

Peng Hao peng.hao2 at zte.com.cn
Sat Jul 15 15:00:12 UTC 2017


virNetSocketRemoveIOCallback takes sock's ObjectLock and then calls
virNetSocketEventFree. virNetSocketEventFree may free the sock
object, so virNetSocketRemoveIOCallback will access a null pointer
when it releases sock's ObjectLock.

Signed-off-by: Liu Yun <liu.yunh at zte.com.cn>
Signed-off-by: Peng Hao <peng.hao2 at zte.com.cn>
---
 src/rpc/virnetsocket.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
index d228c8a..8b550e8 100644
--- a/src/rpc/virnetsocket.c
+++ b/src/rpc/virnetsocket.c
@@ -2140,14 +2140,12 @@ static void virNetSocketEventFree(void *opaque)
     virFreeCallback ff;
     void *eopaque;
 
-    virObjectLock(sock);
     ff = sock->ff;
     eopaque = sock->opaque;
     sock->func = NULL;
     sock->ff = NULL;
     sock->opaque = NULL;
-    virObjectUnlock(sock);
-
+  
     if (ff)
         ff(eopaque);
 
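Review bot: With `virObjectLock(sock);` and `virObjectUnlock(sock);` removed, the reads of `sock->ff` and `sock->opaque` and the three NULL stores in virNetSocketEventFree are no longer synchronised with code that takes the object lock on the same socket, such as virNetSocketRemoveIOCallback later in this patch. That is only safe if this callback always runs while the caller already holds the lock. If the event loop can invoke it from another thread (not visible here), this becomes a data race on an object in the RPC path. Either keep the lock and rely on the caller's extra reference to keep sock alive, or state the requirement in a comment such as `/* Caller must hold the sock lock */`. The added `+  ` line also introduces trailing whitespace, and the function body extends beyond this hunk on both sides.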
@@ -2207,6 +2205,7 @@ void virNetSocketUpdateIOCallback(virNetSocketPtr sock,
 
 void virNetSocketRemoveIOCallback(virNetSocketPtr sock)
 {
+    virObjectRef(sock);
     virObjectLock(sock);
 
     if (sock->watch < 0) {
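Review bot: The reference taken by the new `virObjectRef(sock);` has to be dropped on every exit path, and the `if (sock->watch < 0) {` branch at the end of this hunk is not touched by any hunk of the patch. Its body is outside the hunk, but if it unlocks and returns early, it needs `virObjectUnref(sock);` after its `virObjectUnlock(sock);`. Otherwise each call on a socket with no registered watch leaks one reference and the socket object can never be freed.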
@@ -2220,6 +2219,7 @@ void virNetSocketRemoveIOCallback(virNetSocketPtr sock)
     sock->watch = -1;
 
     virObjectUnlock(sock);
+    virObjectRef(sock);
 }
 
 void virNetSocketClose(virNetSocketPtr sock)
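Review bot: The added `virObjectRef(sock);` after `virObjectUnlock(sock);` takes a second reference instead of releasing the one acquired at the top of virNetSocketRemoveIOCallback; it should be `virObjectUnref(sock);`. As written, every call raises the reference count by two and nothing lowers it, so the socket object is never disposed. In a long-running daemon that means leaked sockets, and presumably their file descriptors. The use-after-free is then only masked, because the object survives the unlock solely by never being freeable again.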
-- 
1.8.3.1




