[PATCH] qemu_conf: Fix double free problem for cfg->firmwares

Tuguoyi tu.guoyi at h3c.com
Tue Nov 24 03:12:00 UTC 2020


cfg->firmwares still points to the original memory address after being
freed by virFirmwareFreeList(). As cfg gets freed, it will be freed again
even if cfg->nfirmwares=0, which eventually leads to a crash.

The patch fixes it by setting cfg->firmwares to NULL explicitly after
virFirmwareFreeList() returns.

Signed-off-by: Tuguoyi <tu.guoyi at h3c.com>
---
 src/qemu/qemu_conf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 83de26a..98593b5 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -832,6 +832,7 @@ virQEMUDriverConfigLoadNVRAMEntry(virQEMUDriverConfigPtr cfg,
         VIR_AUTOSTRINGLIST fwList = NULL;
 
         virFirmwareFreeList(cfg->firmwares, cfg->nfirmwares);
+        cfg->firmwares = NULL;
 
         if (qemuFirmwareFetchConfigs(&fwList, privileged) < 0)
             return -1;
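Review bot: the NULL assignment leaves cfg->nfirmwares stale, so if the qemuFirmwareFetchConfigs() call two lines below fails and the function returns -1, cfg is left with firmwares == NULL but nfirmwares > 0, an inconsistent pair that later code may still iterate over. Suggest resetting the count together with the pointer, e.g. `cfg->firmwares = NULL;` followed by `cfg->nfirmwares = 0;`, so the two fields never describe freed memory; a short comment saying why the pointer is cleared (the dispose path frees it again regardless of the count, as the commit message notes) would also help future readers.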
-- 
2.7.4

--
Best regards,
Guoyi
