aboutsummaryrefslogtreecommitdiff
path: root/aio.c
diff options
context:
space:
mode:
authorPaolo Bonzini <pbonzini@redhat.com>2012-09-26 15:21:36 +0200
committerPaolo Bonzini <pbonzini@redhat.com>2012-10-30 09:30:53 +0100
commit4231c88d27d9e46e6ad6e6b7bbb6e442bcf9cd05 (patch)
treed6c97afb6796e405da1f4afec3a51689afbd2dad /aio.c
parenta915f4bc977c4f3aab08a78023c1303664d1c606 (diff)
downloadqemu-4231c88d27d9e46e6ad6e6b7bbb6e442bcf9cd05.zip
qemu-4231c88d27d9e46e6ad6e6b7bbb6e442bcf9cd05.tar.gz
qemu-4231c88d27d9e46e6ad6e6b7bbb6e442bcf9cd05.tar.bz2
aio: test node->deleted before calling io_flush
Otherwise, there could be a case where io_flush accesses freed memory because it should not have been called. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'aio.c')
-rw-r--r--aio.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/aio.c b/aio.c
index c89f1e9..734d2cf 100644
--- a/aio.c
+++ b/aio.c
@@ -122,7 +122,7 @@ bool aio_wait(AioContext *ctx)
* Otherwise, if there are no AIO requests, qemu_aio_wait() would
* wait indefinitely.
*/
- if (node->io_flush) {
+ if (!node->deleted && node->io_flush) {
if (node->io_flush(node->opaque) == 0) {
continue;
}