* Vladimir Sementsov-Ogievskiy (vsement...@virtuozzo.com) wrote:
> hmp_savevm calls qemu_savevm_state(f), which sets to_dst_file=f in
> global migration state. Then hmp_savevm closes f (g_free called).
>
> Next access to to_dst_file in migration state (for example,
> qmp_migrate_set_speed) will use it after it was freed.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsement...@virtuozzo.com>

Reviewed-by: Dr. David Alan Gilbert <dgilb...@redhat.com>

> ---
> migration/savevm.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/migration/savevm.c b/migration/savevm.c
> index 75e56d2d07..fcb8fd8acd 100644
> --- a/migration/savevm.c
> +++ b/migration/savevm.c
> @@ -1276,6 +1276,11 @@ done:
> status = MIGRATION_STATUS_COMPLETED;
> }
> migrate_set_state(&ms->state, MIGRATION_STATUS_SETUP, status);
> +
> + /* f is outer parameter, it should not stay in global migration state
> after
> + * this function finished */
> + ms->to_dst_file = NULL;
> +
> return ret;
> }
>
> --
> 2.11.1
>

--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
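Review bot: the `ms->to_dst_file = NULL;` added after `migrate_set_state(...)` only executes on paths that reach the `done:` label, so please confirm qemu_savevm_state has no early `return` before that label; any such path would still leave the global migration state pointing at the caller's freed `f`, which is exactly the use-after-free the patch is meant to close, and if one exists the clearing should move to (or be duplicated at) that exit as well. Two smaller points on the same hunk: the new comment is not a sentence and would read better as `/* f is a parameter supplied by the caller; it must not remain in the global migration state after this function returns */`, and as quoted here the comment line appears to have been wrapped by the mail client (`after` sits on its own `>` line), so check that the patch still applies cleanly from the list archive.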