It's convenient to call iova_tree_remove from a map returned from iova_tree_find or iova_tree_find_iova. With the current code this is not possible, since we will free it, and then we will try to search for it again.
Fix it by making a copy of the argument. Not applying a fixes tag, since there is no use like that at the moment.

Signed-off-by: Eugenio Pérez <epere...@redhat.com>
--- util/iova-tree.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/util/iova-tree.c b/util/iova-tree.c index fee530a579..713e3edd7b 100644 --- a/util/iova-tree.c +++ b/util/iova-tree.c @@ -166,9 +166,11 @@ void iova_tree_foreach(IOVATree *tree, iova_tree_iterator iterator) void iova_tree_remove(IOVATree *tree, const DMAMap *map) { + /* Just in case caller is calling iova_tree_remove from a result of find */ + const DMAMap needle = *map; const DMAMap *overlap; - while ((overlap = iova_tree_find(tree, map))) { + while ((overlap = iova_tree_find(tree, &needle))) { g_tree_remove(tree->tree, overlap); } } -- 2.31.1
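
Review bot: The comment above `const DMAMap needle = *map;` in iova_tree_remove() ("Just in case caller is calling iova_tree_remove from a result of find") does not name the hazard it guards against. Per the commit message, when `map` points at an entry owned by the tree, `g_tree_remove(tree->tree, overlap)` frees it on the first iteration, so the following `iova_tree_find(tree, map)` would read freed memory. Please say that in the comment. Please also note that in this case the caller's `map` pointer is dangling once the function returns, so it must not be dereferenced afterwards. Taking the argument by value (`DMAMap map`) would be an alternative that makes the copy part of the signature and removes the aliasing question inside the function, at the cost of touching the callers.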