On 10/23/25 11:10, Akihiko Odaki wrote:
qemu_opts_del(opts) dereferences opts->list, which is the old amend_opts pointer that can be dangling after executing qemu_opts_append(amend_opts, bs->drv->create_opts) and cause use-after-free. Fix the potential use-after-free by moving the qemu_opts_del() call before the qemu_opts_append() call.
This feels like qemu-stable material, is it not?

Thanks,

/mjt
