On Tue, Feb 09, 2021 at 04:37:54PM +0100, Eugenio Pérez wrote:
> +/*
> + * Creates vhost shadow virtqueue, and instruct vhost device to use the shadow
> + * methods and file descriptors.
> + */
> +VhostShadowVirtqueue *vhost_shadow_vq_new(struct vhost_dev *dev, int idx)
> +{
> + g_autofree VhostShadowVirtqueue *svq = g_new0(VhostShadowVirtqueue, 1);
> + int r;
> +
> + r = event_notifier_init(&svq->kick_notifier, 0);
> + if (r != 0) {
> + error_report("Couldn't create kick event notifier: %s",
> + strerror(errno));
> + goto err_init_kick_notifier;
> + }
> +
> + r = event_notifier_init(&svq->call_notifier, 0);
> + if (r != 0) {
> + error_report("Couldn't create call event notifier: %s",
> + strerror(errno));
> + goto err_init_call_notifier;
> + }
> +
> + return svq;
Use-after-free due to g_autofree. I think this should be:
return g_steal_pointer(&svq)
https://developer.gnome.org/glib/stable/glib-Memory-Allocation.html#g-steal-pointer
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
