From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1JzBD2-0005Gq-Np
	for qemu-devel@nongnu.org; Thu, 22 May 2008 09:51:56 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1JzBCz-0005FJ-KP
	for qemu-devel@nongnu.org; Thu, 22 May 2008 09:51:53 -0400
Received: from [199.232.76.173] (port=59330 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1JzBCy-0005F4-QJ
	for qemu-devel@nongnu.org; Thu, 22 May 2008 09:51:52 -0400
Received: from savannah.gnu.org ([199.232.41.3]:51822 helo=sv.gnu.org)
	by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.60) (envelope-from <ths@networkno.de>) id 1JzBCy-0004Js-0e
	for qemu-devel@nongnu.org; Thu, 22 May 2008 09:51:52 -0400
Received: from cvs.savannah.gnu.org ([199.232.41.69])
	by sv.gnu.org with esmtp (Exim 4.63)
	(envelope-from <ths@networkno.de>) id 1JzBCw-0001pF-6W
	for qemu-devel@nongnu.org; Thu, 22 May 2008 13:51:50 +0000
Received: from ths by cvs.savannah.gnu.org with local (Exim 4.63)
	(envelope-from <ths@savannah.gnu.org>) id 1JzBCv-0001pB-UE
	for qemu-devel@nongnu.org; Thu, 22 May 2008 13:51:50 +0000
MIME-Version: 1.0
Errors-To: ths
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Thiemo Seufer <ths@networkno.de>
Message-Id: <E1JzBCv-0001pB-UE@cvs.savannah.gnu.org>
Date: Thu, 22 May 2008 13:51:49 +0000
Subject: [Qemu-devel] [4526] Fix block-vmdk.c:vmdk_close() use-after-free,
	by Ed Maste.
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

Revision: 4526
          http://svn.sv.gnu.org/viewvc/?view=rev&root=qemu&revision=4526
Author:   ths
Date:     2008-05-22 13:51:48 +0000 (Thu, 22 May 2008)

Log Message:
-----------
Fix block-vmdk.c:vmdk_close() use-after-free, by Ed Maste.

Modified Paths:
--------------
    trunk/block-vmdk.c

Modified: trunk/block-vmdk.c
===================================================================
--- trunk/block-vmdk.c	2008-05-22 13:25:14 UTC (rev 4525)
+++ trunk/block-vmdk.c	2008-05-22 13:51:48 UTC (rev 4526)
@@ -808,9 +808,9 @@
 
     qemu_free(s->l1_table);
     qemu_free(s->l2_cache);
-    bdrv_delete(s->hd);
     // try to close parent image, if exist
     vmdk_parent_close(s->hd);
+    bdrv_delete(s->hd);
 }
 
 static void vmdk_flush(BlockDriverState *bs)