Commit 6b9d62c2 authored Aug 22, 2019 by Markus Armbruster Committed by Kevin Wolf Sep 10, 2019

pr-manager: Fix invalid g_free() crash bug



pr_manager_worker() passes its @opaque argument to g_free().  Wrong;
it points to pr_manager_worker()'s automatic @data.  Broken when
commit 2f3a7ab3 converted @data from heap- to stack-allocated.  Fix
by deleting the g_free().

Fixes: 2f3a7ab3
Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

parent ae6ef019

scsi/pr-manager.c

+0 −1

Original line number	Diff line number	Diff line
		@@ -39,7 +39,6 @@ static int pr_manager_worker(void *opaque)
		int fd = data->fd;
		int r;

		g_free(data);
		trace_pr_manager_run(fd, hdr->cmdp[0], hdr->cmdp[1]);

		/* The reference was taken in pr_manager_execute. */