chardev/baum: fix baum that releases brlapi twice

Message ID	20170922225533.1928-1-lyan@suse.com
State	Superseded
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) client-ip=2001:4830:134:3::11; From: Liang Yan <lyan@suse.com> To: samuel.thibault@ens-lyon.org, pbonzini@redhat.com, marcandre.lureau@redhat.com Date: Fri, 22 Sep 2017 18:55:33 -0400 Message-Id: <20170922225533.1928-1-lyan@suse.com> Subject: [Qemu-devel] [PATCH] chardev/baum: fix baum that releases brlapi twice Precedence: list Cc: qemu-trivial@nongnu.org, qemu-devel@nongnu.org Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Series	chardev/baum: fix baum that releases brlapi twice \| expand chardev/baum: fix baum that releases brlapi twice

Message ID

20170922225533.1928-1-lyan@suse.com

State

Superseded

Headers

Received-SPF: pass (google.com: domain of
	qemu-devel-bounces+patch=linaro.org@nongnu.org designates
	2001:4830:134:3::11 as permitted sender)
	client-ip=2001:4830:134:3::11; 
From: Liang Yan <lyan@suse.com>
To: samuel.thibault@ens-lyon.org, pbonzini@redhat.com,
	marcandre.lureau@redhat.com
Date: Fri, 22 Sep 2017 18:55:33 -0400
Message-Id: <20170922225533.1928-1-lyan@suse.com>
Subject: [Qemu-devel] [PATCH] chardev/baum: fix baum that releases brlapi
	twice
Precedence: list
Cc: qemu-trivial@nongnu.org, qemu-devel@nongnu.org
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+patch=linaro.org@nongnu.org>

Series

chardev/baum: fix baum that releases brlapi twice | expand

Commit Message

Liang Yan Sept. 22, 2017, 10:55 p.m. UTC

Error process of baum_chr_open needs to set brlapi null, so it won't
get released twice in char_braille_finalize, which will cause
"/usr/bin/qemu-system-x86_64: double free or corruption (!prev)"

Signed-off-by: Liang Yan <lyan@suse.com>

---
 chardev/baum.c | 1 +
 1 file changed, 1 insertion(+)

-- 
2.14.1

Comments

Marc-André Lureau Sept. 24, 2017, 4:56 p.m. UTC | #1

----- Original Message -----
> Error process of baum_chr_open needs to set brlapi null, so it won't

> get released twice in char_braille_finalize, which will cause

> "/usr/bin/qemu-system-x86_64: double free or corruption (!prev)"

> 

> Signed-off-by: Liang Yan <lyan@suse.com>


Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>


> ---

>  chardev/baum.c | 1 +

>  1 file changed, 1 insertion(+)

> 

> diff --git a/chardev/baum.c b/chardev/baum.c

> index 302dd9666c..67fd783a59 100644

> --- a/chardev/baum.c

> +++ b/chardev/baum.c

> @@ -643,6 +643,7 @@ static void baum_chr_open(Chardev *chr,

>          error_setg(errp, "brlapi__openConnection: %s",

>                     brlapi_strerror(brlapi_error_location()));

>          g_free(handle);

> +        baum->brlapi = NULL;

>          return;

>      }

>      baum->deferred_init = 0;

> --

> 2.14.1

> 

>

Michael Tokarev Sept. 24, 2017, 8:49 p.m. UTC | #2

23.09.2017 01:55, Liang Yan wrote:
> Error process of baum_chr_open needs to set brlapi null, so it won't

> get released twice in char_braille_finalize, which will cause

> "/usr/bin/qemu-system-x86_64: double free or corruption (!prev)"


Applied to -trivial, thanks!

/mjt

diff --git a/chardev/baum.c b/chardev/baum.c
index 302dd9666c..67fd783a59 100644
--- a/chardev/baum.c
+++ b/chardev/baum.c
@@ -643,6 +643,7 @@  static void baum_chr_open(Chardev *chr,
         error_setg(errp, "brlapi__openConnection: %s",
                    brlapi_strerror(brlapi_error_location()));
         g_free(handle);
+        baum->brlapi = NULL;
         return;
     }
     baum->deferred_init = 0;

chardev/baum: fix baum that releases brlapi twice

Commit Message

Comments

Patch