From: Markus Armbruster <armbru@redhat.com>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 03/12] qobject: Protect against use-after-free in qobject_decref()
Date: Mon,  9 Nov 2015 18:46:35 +0100
Message-ID: <1447091204-10226-4-git-send-email-armbru@redhat.com>
In-Reply-To: <1447091204-10226-1-git-send-email-armbru@redhat.com>

From: Eric Blake <eblake@redhat.com>

Adding an assertion to qobject_decref() will ensure that a
programming error causing use-after-free will result in
immediate failure (provided no other thread has started
using the memory) instead of silently attempting to wrap
refcnt around and leaving the problem to potentially bite
later at a harder point to diagnose.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <1446791754-23823-4-git-send-email-eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
 include/qapi/qmp/qobject.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/qapi/qmp/qobject.h b/include/qapi/qmp/qobject.h
index c856f55..4b96ed5 100644
--- a/include/qapi/qmp/qobject.h
+++ b/include/qapi/qmp/qobject.h
@@ -90,6 +90,7 @@ static inline void qobject_incref(QObject *obj)
  */
 static inline void qobject_decref(QObject *obj)
 {
+    assert(!obj || obj->refcnt);
     if (obj && --obj->refcnt == 0) {
         assert(obj->type != NULL);
         assert(obj->type->destroy != NULL);
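
Review bot: the new assert at the top of qobject_decref() is a best-effort diagnostic and should carry a one-line comment saying so. It reads obj->refcnt from memory that may already have been freed, so it fires only while that field still holds 0, and in a build that defines NDEBUG it compiles away, leaving `--obj->refcnt` on the next line to wrap as before. The doc comment that closes just above the function is also the natural place to state the contract being enforced: calling qobject_decref() on a non-NULL object whose refcnt is already 0 is a programming error.
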
-- 
2.4.3
