Re: [libvirt] [PATCH 2/3] qemu: hotplug: Fix double free on USB collision
On Thu, Dec 05, 2013 at 15:40:27 -0500, Cole Robinson wrote: If we hit a collision, we free the USB device while it is still part of our temporary USBDeviceList. When the list is unref'd, the device is free'd again. Make the initial device freeing dependent on whether it is present in the temporary list or not. --- src/qemu/qemu_hotplug.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index bff9e23..b7512a7 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -1518,7 +1518,10 @@ cleanup: } if (added) virUSBDeviceListSteal(driver-activeUsbHostdevs, usb); -virUSBDeviceFree(usb); +if (list usb +!virUSBDeviceListFind(list, usb) +!virUSBDeviceListFind(driver-activeUsbHostdevs, usb)) +virUSBDeviceFree(usb); virObjectUnref(list); VIR_FREE(devstr); return ret; ACK Jirka -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 2/3] qemu: hotplug: Fix double free on USB collision
If we hit a collision, we free the USB device while it is still part of our temporary USBDeviceList. When the list is unref'd, the device is free'd again. Make the initial device freeing dependent on whether it is present in the temporary list or not. --- src/qemu/qemu_hotplug.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index bff9e23..b7512a7 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -1518,7 +1518,10 @@ cleanup: } if (added) virUSBDeviceListSteal(driver-activeUsbHostdevs, usb); -virUSBDeviceFree(usb); +if (list usb +!virUSBDeviceListFind(list, usb) +!virUSBDeviceListFind(driver-activeUsbHostdevs, usb)) +virUSBDeviceFree(usb); virObjectUnref(list); VIR_FREE(devstr); return ret; -- 1.8.4.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
