author: Matthias Weckbecker <matthias@weckbecker.name> 2018-12-10 14:00:48 +0100
committer: Michael S. Tsirkin <mst@redhat.com> 2018-12-19 16:48:16 -0500
commit: e7176cdbe4d5e4b68459af741d6493886e4dad29 (patch)
tree: 11d7cb3284f97a77cb6223d8a943b666ba957273 /hw/pci
parent: a2eb5c0cf7cc77736219015b840c5299499b1357 (diff)
hw/pci-bridge: Fix invalid free()
When loadvm'ing a *running* snapshot qemu crashes due to an invalid free. It's fortunately caught early by glibc heap memory corruption protection and qemu gets killed with SIGABRT.

Steps to reproduce:

1) Create VM (e.g. w/ virsh define)
2) Start the VM and take a snapshot while it's running and having a PCI bridge attached
3) Destroy the VM and revert the running snapshot.

This commit fixes the issue.

Signed-off-by: Matthias Weckbecker <matthias@weckbecker.name>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'hw/pci')
-rw-r--r-- hw/pci/pci_bridge.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/pci/pci_bridge.c b/hw/pci/pci_bridge.c
index ee9dff2..b9143ac 100644
--- a/hw/pci/pci_bridge.c
+++ b/hw/pci/pci_bridge.c
@@ -241,9 +241,9 @@ void pci_bridge_update_mappings(PCIBridge *br)
* while another accesses an unaffected region. */
memory_region_transaction_begin();
pci_bridge_region_del(br, br->windows);
+ pci_bridge_region_cleanup(br, w);
br->windows = pci_bridge_region_init(br);
memory_region_transaction_commit();
- pci_bridge_region_cleanup(br, w);
}
/* default write_config function for PCI-to-PCI bridge */
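Review bot: The commit message gives the symptom and a reproduction but not the root cause, and the hunk itself does not say why the order matters: `pci_bridge_region_cleanup(br, w);` moves from after `memory_region_transaction_commit();` to directly after `pci_bridge_region_del(br, br->windows);`, so the old windows are now torn down inside the transaction and before `br->windows = pci_bridge_region_init(br);` allocates the replacements. A one-line comment above the moved call (or a sentence in the message) explaining why cleaning up after the commit produced the invalid free would spare the next reader a bisect. Also worth confirming in review that `w`, whose assignment is outside this hunk, holds the same windows that `pci_bridge_region_del(br, br->windows)` just removed, since the cleanup now runs while `br->windows` still points at them.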