diff options
author | Marc-André Lureau <marcandre.lureau@redhat.com> | 2016-02-23 19:10:51 +0100 |
---|---|---|
committer | Michael S. Tsirkin <mst@redhat.com> | 2016-03-11 16:59:12 +0200 |
commit | 869a58af86d5bb2533908dc53cc28de6e85edf38 (patch) | |
tree | 29e0da4c2aaca91d9ca81e902e68e5d46313719e /qemu-char.c | |
parent | b7fcb3603cd9e44d643636ad797e66f2ea9096da (diff) | |
download | qemu-869a58af86d5bb2533908dc53cc28de6e85edf38.zip qemu-869a58af86d5bb2533908dc53cc28de6e85edf38.tar.gz qemu-869a58af86d5bb2533908dc53cc28de6e85edf38.tar.bz2 |
qemu-char: avoid potential double-free
If tcp_set_msgfds() is called several time with NULL fds, this
could lead to double-free.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'qemu-char.c')
-rw-r--r-- | qemu-char.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/qemu-char.c b/qemu-char.c index e0147f3..fc4611d 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -2697,6 +2697,7 @@ static int tcp_set_msgfds(CharDriverState *chr, int *fds, int num) } /* clear old pending fd array */ g_free(s->write_msgfds); + s->write_msgfds = NULL; if (num) { s->write_msgfds = g_new(int, num); |