path: root/hw/ioapic_common.c
author: Anthony Liguori <aliguori@us.ibm.com> 2012-06-27 07:37:54 -0500
committer: Michael Roth <mdroth@linux.vnet.ibm.com> 2012-08-21 15:36:35 -0500
commit: 36ed337845a00240c370bbea782f953a8110d0c0 (patch)
tree: 07b5bf1545c1363092d76407e5c1cc00612138f5 /hw/ioapic_common.c
parent: 5a1800cf1cc7869d29e6bd299dddbab7a3acbb2b (diff)
qdev: fix use-after-free in the error path of qdev_init_nofail
From Markus:

Before:

    $ qemu-system-x86_64 -display none -drive if=ide
    qemu-system-x86_64: Device needs media, but drive is empty
    qemu-system-x86_64: Initialization of device ide-hd failed
    [Exit 1 ]

After:

    $ qemu-system-x86_64 -display none -drive if=ide
    qemu-system-x86_64: Device needs media, but drive is empty
    Segmentation fault (core dumped)
    [Exit 139 (SIGSEGV)]

This error always existed as qdev_init() frees the object. But QOM goes a bit further and purposefully sets the class pointer to NULL to help find use-after-free. It worked :-)

Cc: Andreas Faerber <afaerber@suse.de>
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7de3abe505e34398cef5bddf6c4d0bd9ee47007f)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Diffstat (limited to 'hw/ioapic_common.c')
0 files changed, 0 insertions, 0 deletions