aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKevin Wolf <kwolf@redhat.com>2013-03-15 10:35:06 +0100
committerStefan Hajnoczi <stefanha@redhat.com>2013-03-15 16:07:49 +0100
commitbb44619b06c0bef20b658ff532cf850c16362ae7 (patch)
tree7adc7541947c77e634077d8c1451da5aba62d633
parent376609cc6c03c2ffc8c323d804d27f95346cac08 (diff)
downloadqemu-bb44619b06c0bef20b658ff532cf850c16362ae7.zip
qemu-bb44619b06c0bef20b658ff532cf850c16362ae7.tar.gz
qemu-bb44619b06c0bef20b658ff532cf850c16362ae7.tar.bz2
blockdev: Keep a copy of DriveInfo.serial
Pointing to a QemuOpts element is surprising and can lead to subtle use-after-free errors when the QemuOpts is freed after all options are parsed. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
-rw-r--r--blockdev.c5
-rw-r--r--include/sysemu/blockdev.h2
2 files changed, 5 insertions, 2 deletions
diff --git a/blockdev.c b/blockdev.c
index d679174..acf1c32 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -191,6 +191,7 @@ static void drive_uninit(DriveInfo *dinfo)
bdrv_delete(dinfo->bdrv);
g_free(dinfo->id);
QTAILQ_REMOVE(&drives, dinfo, next);
+ g_free(dinfo->serial);
g_free(dinfo);
}
@@ -566,7 +567,9 @@ DriveInfo *drive_init(QemuOpts *opts, BlockInterfaceType block_default_type)
dinfo->trans = translation;
dinfo->opts = opts;
dinfo->refcount = 1;
- dinfo->serial = serial;
+ if (serial != NULL) {
+ dinfo->serial = g_strdup(serial);
+ }
QTAILQ_INSERT_TAIL(&drives, dinfo, next);
bdrv_set_on_error(dinfo->bdrv, on_read_error, on_write_error);
diff --git a/include/sysemu/blockdev.h b/include/sysemu/blockdev.h
index 1fe5332..804ec88 100644
--- a/include/sysemu/blockdev.h
+++ b/include/sysemu/blockdev.h
@@ -40,7 +40,7 @@ struct DriveInfo {
int media_cd;
int cyls, heads, secs, trans;
QemuOpts *opts;
- const char *serial;
+ char *serial;
QTAILQ_ENTRY(DriveInfo) next;
int refcount;
};