diff options
author | Daniil Tatianin <d-tatianin@yandex-team.ru> | 2021-11-17 17:23:49 +0300 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2021-11-19 10:24:50 +0100 |
commit | fdc6e168181d06391711171b7c409b34f2981ced (patch) | |
tree | 12664dfcf48c0f1bb85ae17efa499d1d53c39302 /chardev | |
parent | fbab8cc24ded54f371ab9db2c9998be23c158e62 (diff) | |
download | qemu-fdc6e168181d06391711171b7c409b34f2981ced.zip qemu-fdc6e168181d06391711171b7c409b34f2981ced.tar.gz qemu-fdc6e168181d06391711171b7c409b34f2981ced.tar.bz2 |
chardev/wctable: don't free the instance in wctablet_chr_finalize
Object is supposed to be freed by invoking obj->free, and not
obj->instance_finalize. This would lead to use-after-free followed by
double free in object_unref/object_finalize.
Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20211117142349.836279-1-d-tatianin@yandex-team.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'chardev')
-rw-r--r-- | chardev/wctablet.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/chardev/wctablet.c b/chardev/wctablet.c index 95e005f..e8b292c 100644 --- a/chardev/wctablet.c +++ b/chardev/wctablet.c @@ -320,7 +320,6 @@ static void wctablet_chr_finalize(Object *obj) TabletChardev *tablet = WCTABLET_CHARDEV(obj); qemu_input_handler_unregister(tablet->hs); - g_free(tablet); } static void wctablet_chr_open(Chardev *chr, |