aboutsummaryrefslogtreecommitdiff
path: root/block
diff options
context:
space:
mode:
authorVladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>2020-05-07 21:38:00 +0300
committerMax Reitz <mreitz@redhat.com>2020-05-13 14:20:31 +0200
commitfc9aefc8c0d3c6392656ea661ce72c1583b70bbd (patch)
treecd665ce0f5dd06ab74b5c34a14e89eae0adab326 /block
parentdd488fc1c000700741355426198d240c6f25ccb7 (diff)
downloadqemu-fc9aefc8c0d3c6392656ea661ce72c1583b70bbd.zip
qemu-fc9aefc8c0d3c6392656ea661ce72c1583b70bbd.tar.gz
qemu-fc9aefc8c0d3c6392656ea661ce72c1583b70bbd.tar.bz2
block/block-copy: fix use-after-free of task pointer
Obviously, we should g_free the task after trace point and offset update. Reported-by: Coverity (CID 1428756) Fixes: 4ce5dd3e9b5ee0fac18625860eb3727399ee965e Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20200507183800.22626-1-vsementsov@virtuozzo.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
Diffstat (limited to 'block')
-rw-r--r--block/block-copy.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/block/block-copy.c b/block/block-copy.c
index 0350068..4713c8f 100644
--- a/block/block-copy.c
+++ b/block/block-copy.c
@@ -591,13 +591,13 @@ static int coroutine_fn block_copy_dirty_clusters(BlockCopyState *s,
}
if (s->skip_unallocated && !(ret & BDRV_BLOCK_ALLOCATED)) {
block_copy_task_end(task, 0);
- g_free(task);
progress_set_remaining(s->progress,
bdrv_get_dirty_count(s->copy_bitmap) +
s->in_flight_bytes);
trace_block_copy_skip_range(s, task->offset, task->bytes);
offset = task_end(task);
bytes = end - offset;
+ g_free(task);
continue;
}
task->zeroes = ret & BDRV_BLOCK_ZERO;