From: Max Reitz <mreitz@redhat.com>
To: qemu-block@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>,
qemu-devel@nongnu.org, Max Reitz <mreitz@redhat.com>
Subject: [PULL 5/5] block/block-copy: fix use-after-free of task pointer
Date: Wed, 13 May 2020 16:15:44 +0200 [thread overview]
Message-ID: <20200513141544.1459069-6-mreitz@redhat.com> (raw)
In-Reply-To: <20200513141544.1459069-1-mreitz@redhat.com>
From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Obviously, we should g_free the task after trace point and offset
update.
Reported-by: Coverity (CID 1428756)
Fixes: 4ce5dd3e9b5ee0fac18625860eb3727399ee965e
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200507183800.22626-1-vsementsov@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
---
block/block-copy.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/block-copy.c b/block/block-copy.c
index 03500680f7..4713c8f2a3 100644
--- a/block/block-copy.c
+++ b/block/block-copy.c
@@ -591,13 +591,13 @@ static int coroutine_fn block_copy_dirty_clusters(BlockCopyState *s,
}
if (s->skip_unallocated && !(ret & BDRV_BLOCK_ALLOCATED)) {
block_copy_task_end(task, 0);
- g_free(task);
progress_set_remaining(s->progress,
bdrv_get_dirty_count(s->copy_bitmap) +
s->in_flight_bytes);
trace_block_copy_skip_range(s, task->offset, task->bytes);
offset = task_end(task);
bytes = end - offset;
+ g_free(task);
continue;
}
task->zeroes = ret & BDRV_BLOCK_ZERO;
--
2.26.2
next prev parent reply other threads:[~2020-05-13 14:20 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-13 14:15 [PULL 0/5] Block patches Max Reitz
2020-05-13 14:15 ` [PULL 1/5] qcow2: introduce compression type feature Max Reitz
2020-05-13 14:15 ` [PULL 2/5] qcow2: rework the cluster compression routine Max Reitz
2020-05-13 14:15 ` [PULL 3/5] qcow2: add zstd cluster compression Max Reitz
2020-05-13 14:15 ` [PULL 4/5] iotests: 287: add qcow2 compression type test Max Reitz
2020-05-13 14:15 ` Max Reitz [this message]
2020-05-14 9:52 ` [PULL 0/5] Block patches Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200513141544.1459069-6-mreitz@redhat.com \
--to=mreitz@redhat.com \
--cc=kwolf@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).