* [PATCH] block/block-copy: fix use-after-free of task pointer
@ 2020-05-07 18:38 Vladimir Sementsov-Ogievskiy
2020-05-07 18:52 ` Eric Blake
2020-05-08 7:42 ` Max Reitz
0 siblings, 2 replies; 3+ messages in thread
From: Vladimir Sementsov-Ogievskiy @ 2020-05-07 18:38 UTC (permalink / raw)
To: qemu-block; +Cc: kwolf, den, vsementsov, qemu-devel, mreitz
Obviously, we should g_free the task after trace point and offset
update.
Reported-by: Coverity
Fixes: 4ce5dd3e9b5ee0fac18625860eb3727399ee965e
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---
Be free to add Coverity number to the commit message, I don't know it.
block/block-copy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/block-copy.c b/block/block-copy.c
index 03500680f7..4713c8f2a3 100644
--- a/block/block-copy.c
+++ b/block/block-copy.c
@@ -591,13 +591,13 @@ static int coroutine_fn block_copy_dirty_clusters(BlockCopyState *s,
}
if (s->skip_unallocated && !(ret & BDRV_BLOCK_ALLOCATED)) {
block_copy_task_end(task, 0);
- g_free(task);
progress_set_remaining(s->progress,
bdrv_get_dirty_count(s->copy_bitmap) +
s->in_flight_bytes);
trace_block_copy_skip_range(s, task->offset, task->bytes);
offset = task_end(task);
bytes = end - offset;
+ g_free(task);
continue;
}
task->zeroes = ret & BDRV_BLOCK_ZERO;
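Review bot: in the `skip_unallocated` branch the relocated `g_free(task)` sits after `bytes = end - offset;`, but the last read of `task` is `offset = task_end(task);`, so the free could go directly after that line to keep it next to the final use and make the lifetime obvious to the next reader. The commit message would also be clearer if it named the reads that previously followed the free, namely `task->offset` and `task->bytes` in `trace_block_copy_skip_range()` and the `task_end(task)` call, rather than only "trace point and offset update".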
--
2.21.0
* Re: [PATCH] block/block-copy: fix use-after-free of task pointer
2020-05-07 18:38 [PATCH] block/block-copy: fix use-after-free of task pointer Vladimir Sementsov-Ogievskiy
@ 2020-05-07 18:52 ` Eric Blake
2020-05-08 7:42 ` Max Reitz
1 sibling, 0 replies; 3+ messages in thread
From: Eric Blake @ 2020-05-07 18:52 UTC (permalink / raw)
To: Vladimir Sementsov-Ogievskiy, qemu-block; +Cc: kwolf, den, qemu-devel, mreitz
On 5/7/20 1:38 PM, Vladimir Sementsov-Ogievskiy wrote:
> Obviously, we should g_free the task after trace point and offset
> update.
>
> Reported-by: Coverity
> Fixes: 4ce5dd3e9b5ee0fac18625860eb3727399ee965e
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> ---
>
> Be free to add Coverity number to the commit message, I don't know it.
>
> block/block-copy.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Eric Blake <eblake@redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
* Re: [PATCH] block/block-copy: fix use-after-free of task pointer
2020-05-07 18:38 [PATCH] block/block-copy: fix use-after-free of task pointer Vladimir Sementsov-Ogievskiy
2020-05-07 18:52 ` Eric Blake
@ 2020-05-08 7:42 ` Max Reitz
1 sibling, 0 replies; 3+ messages in thread
From: Max Reitz @ 2020-05-08 7:42 UTC (permalink / raw)
To: Vladimir Sementsov-Ogievskiy, qemu-block; +Cc: kwolf, den, qemu-devel
On 07.05.20 20:38, Vladimir Sementsov-Ogievskiy wrote:
> Obviously, we should g_free the task after trace point and offset
> update.
>
> Reported-by: Coverity
> Fixes: 4ce5dd3e9b5ee0fac18625860eb3727399ee965e
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> ---
>
> Be free to add Coverity number to the commit message, I don't know it.
Thanks, done, and applied to my block branch:
https://git.xanclic.moe/XanClic/qemu/commits/branch/block
Max