49 lines
1.6 KiB
Diff
49 lines
1.6 KiB
Diff
From cdf8379fbddb8c51f35af2934908e80524a3fd6a Mon Sep 17 00:00:00 2001
|
|
From: Xu Yandong <xuyandong2@huawei.com>
|
|
Date: Wed, 15 Apr 2020 14:03:07 +0800
|
|
Subject: nodedev: fix potential heap use after free
|
|
|
|
After move device enumumeration into a thread(commit 9f0ae0b18e3),
|
|
flag driversInitialized no longer represent stateInitialized finished
|
|
complete, so reference driver->devs before use it to prevent devs freed
|
|
by virStateCleanup.
|
|
|
|
Signed-off-by: Xu Yandong <xuyandong2@huawei.com>
|
|
---
|
|
src/node_device/node_device_udev.c | 4 +++-
|
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
|
|
index 8451903..a1391fb 100644
|
|
--- a/src/node_device/node_device_udev.c
|
|
+++ b/src/node_device/node_device_udev.c
|
|
@@ -1261,8 +1261,8 @@ udevSetParent(struct udev_device *device,
|
|
virNodeDeviceDefPtr objdef;
|
|
|
|
parent_device = device;
|
|
+ virObjectRef(driver->devs);
|
|
do {
|
|
-
|
|
parent_device = udev_device_get_parent(parent_device);
|
|
if (parent_device == NULL)
|
|
break;
|
|
@@ -1272,6 +1272,7 @@ udevSetParent(struct udev_device *device,
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
_("Could not get syspath for parent of '%s'"),
|
|
udev_device_get_syspath(parent_device));
|
|
+ virObjectUnref(driver->devs);
|
|
return -1;
|
|
}
|
|
|
|
@@ -1289,6 +1290,7 @@ udevSetParent(struct udev_device *device,
|
|
if (!def->parent)
|
|
def->parent = g_strdup("computer");
|
|
|
|
+ virObjectUnref(driver->devs);
|
|
return 0;
|
|
}
|
|
|
|
--
|
|
2.23.0
|
|
|