Subject: [Qemu-devel] [PATCH] better handling of removal in IOHandlerRecord list
From: jerome Arbez-Gindre
Date: Wed, 10 Jan 2007 17:34:50 +0100
Message-Id: <1168446890.24524.11.camel@bibi>
Reply-To: qemu-devel@nongnu.org
To: qemu-devel@nongnu.org

Hi, by a call to qemu_set_fd_handler(fd,NULL,NULL,NULL) in the fd_read callback, I have generated a "Segmentation fault" in vl.c. My solution is not very smart... but it is very simple.

Index: vl.c =================================================================== RCS file: /sources/qemu/qemu/vl.c,v retrieving revision 1.236 diff -u -r1.236 vl.c --- vl.c 9 Jan 2007 19:44:41 -0000 1.236 +++ vl.c 10 Jan 2007 16:06:45 -0000 @@ -5926,6 +5926,11 @@ if (FD_ISSET(ioh->fd, &rfds)) { ioh->fd_read(ioh->opaque); } + } + /* the IOHandlerRecord could have been removed from the list + and freed during ioh->fd_read call */ + for(ioh = first_io_handler; ioh != NULL; ioh = ioh_next) { + ioh_next = ioh->next; if (FD_ISSET(ioh->fd, &wfds)) { ioh->fd_write(ioh->opaque); }
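
Review bot: The added second loop caches `ioh_next = ioh->next` before calling `ioh->fd_write(ioh->opaque)`, which only protects against a callback that removes its own record; if the callback removes the record that `ioh_next` points to, the next iteration dereferences freed memory, so the use-after-free the comment describes is narrowed rather than closed. Splitting the read and write passes also means every record is walked twice, and the second pass still tests `FD_ISSET(ioh->fd, &wfds)` against the `wfds` set computed before any handler was removed or re-registered. A more robust change would be to have removal only mark the record as deleted while dispatch is in progress, skip marked records in both `FD_ISSET` checks, and unlink and free them once after the dispatch loop has finished. The comment would also read better if it said that this is why the write pass restarts from `first_io_handler`.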