diff options
author | zhanghailiang <zhang.zhanghailiang@huawei.com> | 2017-02-28 11:54:18 +0800 |
---|---|---|
committer | Jason Wang <jasowang@redhat.com> | 2017-03-06 11:46:02 +0800 |
commit | 0e79668e1ffcfabb259bea6c2a2bae00a6b27252 (patch) | |
tree | 530745cf641ca07f3d93720fb6f782c9373024c9 /net/colo.c | |
parent | a11f5cb005f9854f0d78da97fc23adf5bc8c83f3 (diff) | |
download | qemu-0e79668e1ffcfabb259bea6c2a2bae00a6b27252.zip qemu-0e79668e1ffcfabb259bea6c2a2bae00a6b27252.tar.gz qemu-0e79668e1ffcfabb259bea6c2a2bae00a6b27252.tar.bz2 |
net/colo: fix memory double free error
The 'primary_list' and 'secondary_list' members of struct Connection
is not allocated through dynamically g_queue_new(), but we free it by using
g_queue_free(), which will lead to a double-free bug.
Reviewed-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Diffstat (limited to 'net/colo.c')
-rw-r--r-- | net/colo.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -147,9 +147,9 @@ void connection_destroy(void *opaque) Connection *conn = opaque; g_queue_foreach(&conn->primary_list, packet_destroy, NULL); - g_queue_free(&conn->primary_list); + g_queue_clear(&conn->primary_list); g_queue_foreach(&conn->secondary_list, packet_destroy, NULL); - g_queue_free(&conn->secondary_list); + g_queue_clear(&conn->secondary_list); g_slice_free(Connection, conn); } |