On 2025/11/13 17:29, Michael Tokarev wrote:
> On 10/23/25 11:10, Akihiko Odaki wrote:
>> qemu_opts_del(opts) dereferences opts->list, which is the old amend_opts
>> pointer that can be dangling after executing
>> qemu_opts_append(amend_opts, bs->drv->create_opts) and cause
>> use-after-free.
>>
>> Fix the potential use-after-free by moving the qemu_opts_del() call
>> before the qemu_opts_append() call.
>
> This feels like a qemu-stable material, is it not?
It is nice to have it backported.

Regards,
Akihiko Odaki
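The ordering problem described in the quoted commit message, as an added example that is not part of the original thread and is not QEMU code: a simplified C model in which `Opts`, `OptsList`, `opts_del()` and `list_append()` are hypothetical stand-ins for the QEMU types and functions named above. It runs only the fixed order; swapping the two marked calls would make `opts_del()` dereference the freed list.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model (assumption, not QEMU source): a growable list and an
 * opts object that keeps a back-pointer to the list it was created from. */
typedef struct OptsList {
    size_t live_opts;              /* Opts still registered on this list */
    size_t ndesc;                  /* number of descriptors in desc[] */
    int desc[];                    /* grown by list_append() */
} OptsList;
typedef struct Opts { OptsList *list; } Opts;

static Opts *opts_create(OptsList *list) {
    Opts *o = malloc(sizeof(*o));
    o->list = list;
    list->live_opts++;
    return o;
}
/* Unregisters from the owning list: reads and writes through o->list. */
static void opts_del(Opts *o) {
    o->list->live_opts--;
    free(o);
}
/* Moves the list into a larger allocation and frees the old one, so every
 * saved pointer to the old list (including Opts.list) dangles afterwards. */
static OptsList *list_append(OptsList *old, const int *src, size_t n) {
    OptsList *nl = malloc(sizeof(*nl) + (old->ndesc + n) * sizeof(int));
    memcpy(nl, old, sizeof(*old) + old->ndesc * sizeof(int));
    memcpy(nl->desc + nl->ndesc, src, n * sizeof(int));
    nl->ndesc += n;
    free(old);
    return nl;
}
/* Fixed order: delete while the back-pointer is valid, then append.
 * Returns 1 if the list moved, i.e. the old address became invalid. */
static int amend_fixed_order(size_t *live_after, size_t *ndesc_after) {
    const int extra[] = {1, 2, 3};            /* constructed sample data */
    OptsList *amend = calloc(1, sizeof(OptsList));
    Opts *opts = opts_create(amend);
    uintptr_t before = (uintptr_t)amend;
    opts_del(opts);                           /* (1) must precede (2) */
    amend = list_append(amend, extra, 3);     /* (2) invalidates old list */
    int moved = (uintptr_t)amend != before;
    *live_after = amend->live_opts;
    *ndesc_after = amend->ndesc;
    free(amend);
    return moved;
}
int main(void) {
    size_t live, ndesc;
    return amend_fixed_order(&live, &ndesc) && live == 0 && ndesc == 3 ? 0 : 1;
}
```

Building the model with `-fsanitize=address` and swapping calls (1) and (2) reports the heap-use-after-free inside `opts_del()`.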
