author | Alexander Barabash <alexander_barabash@mentor.com> | 2012-02-22 19:22:26 +0200 |
---|---|---|
committer | Anthony Liguori <aliguori@us.ibm.com> | 2012-02-22 13:24:30 -0600 |
commit | f0cdc966fb8998bc6acc15fbd360e52061495557 (patch) | |
tree | ea0db3d4a80842fee1e2f560acf085688ba4eacd /qom | |
parent | adbbdf2484b74a4216e4b481ec6146e3ea0061e4 (diff) | |
qom: In function object_set_link_property(), first call object_ref(), then object_unref().
In the old implementation, if the new value of the property links
to the same object, as the old value, that object is first unref-ed,
and then ref-ed. This leads to unintended deinitialization of that object.
In the new implementation, this is fixed.
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Barabash <alexander_barabash@mentor.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'qom')
-rw-r--r-- | qom/object.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/qom/object.c b/qom/object.c index d858c04..aa037d2 100644 --- a/qom/object.c +++ b/qom/object.c @@ -892,6 +892,7 @@ static void object_set_link_property(Object *obj, Visitor *v, void *opaque, const char *name, Error **errp) { Object **child = opaque; + Object *old_target; bool ambiguous = false; const char *type; char *path; @@ -901,10 +902,8 @@ static void object_set_link_property(Object *obj, Visitor *v, void *opaque, visit_type_str(v, &path, name, errp); - if (*child) { - object_unref(*child); - *child = NULL; - } + old_target = *child; + *child = NULL; if (strcmp(path, "") != 0) { Object *target; @@ -930,6 +929,10 @@ static void object_set_link_property(Object *obj, Visitor *v, void *opaque, } g_free(path); + + if (old_target != NULL) { + object_unref(old_target); + } } void object_property_add_link(Object *obj, const char *name, |
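Review bot: in the second hunk (@@ -901,10), `*child = NULL;` is still executed unconditionally before the new path is resolved, and nothing between `visit_type_str(v, &path, name, errp);` and `if (strcmp(path, "") != 0)` checks whether the visit failed. `path` is declared as `char *path;` without an initializer, so if `visit_type_str()` reports an error and does not set it, `strcmp()` reads an unset pointer, and the existing link has already been cleared by then. Consider returning early on a visitor error before touching `*child`, and only replacing `*child` once the new target has been resolved, so that a failed set leaves the old link in place.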
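Review bot: the deferred `object_unref(old_target);` at the end of the last hunk (@@ -930,6) carries no comment explaining that it must stay after the point where the new target is referenced. The ordering is the whole fix (the commit message describes the same-object case dropping to deinitialization when unref comes first), and a later cleanup could easily move the unref back next to `old_target = *child;`. A one-line comment above the `if (old_target != NULL)` block stating that the unref is last so that re-linking to the same object never releases it would protect the ordering.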