[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 16/32] hw/msmouse.c: Fix deref_after_free and double free

To: Xen-devel <xen-devel@xxxxxxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Wed, 22 Apr 2015 16:08:29 +0100
Delivery-date: Wed, 22 Apr 2015 15:20:32 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

From: Yunlei Ding <yunlei.ding@xxxxxxxxxx>

msmouse_chr_close is only pointed by chr->chr_close in qemu_chr_close
function. After calling chr->chr_close, chr will be freed. So we don't
need to free it again here.

Signed-off-by: Yunlei Ding <yunlei.ding@xxxxxxxxxx>
(defect not identified by Coverity Scan)
Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 hw/msmouse.c |    1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/msmouse.c b/hw/msmouse.c
index 69356a5..2d2703b 100644
--- a/hw/msmouse.c
+++ b/hw/msmouse.c
@@ -61,7 +61,6 @@ static int msmouse_chr_write (struct CharDriverState *s, 
const uint8_t *buf, int
 
 static void msmouse_chr_close (struct CharDriverState *chr)
 {
-    qemu_free (chr);
 }
 
 CharDriverState *qemu_chr_open_msmouse(void)
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH 00/32] Qemu Traditional bugfixes
  - From: Andrew Cooper

Prev by Date: [Xen-devel] [PATCH 15/32] signal: Don't use uninitalised sival_ptr
Next by Date: [Xen-devel] [PATCH 32/32] block-vvfat: fix resource leaks in read_directory()
Previous by thread: [Xen-devel] [PATCH 15/32] signal: Don't use uninitalised sival_ptr
Next by thread: [Xen-devel] [PATCH 32/32] block-vvfat: fix resource leaks in read_directory()
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.