mirror of
https://gitlab.com/qemu-project/qemu
synced 2024-09-06 01:43:39 +00:00
io: fix possible double free of task error object
If a QIOTask has an error set and the calling code uses qio_task_propagate_error() to steal the reference to that Error object, the task would not clear its own reference. This would lead to a double-free when qio_task_free runs, if the caller had (correctly) freed the Error object they now owned. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
parent
c7f1cf01b8
commit
80fb34eda0
|
@ -157,6 +157,7 @@ bool qio_task_propagate_error(QIOTask *task,
|
||||||
{
|
{
|
||||||
if (task->err) {
|
if (task->err) {
|
||||||
error_propagate(errp, task->err);
|
error_propagate(errp, task->err);
|
||||||
|
task->err = NULL;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
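Review bot: The ownership hand-off in qio_task_propagate_error is not written down next to the new `task->err = NULL;`, so the line looks redundant to anyone who does not know that `error_propagate(errp, task->err);` either moves the Error into `*errp` or frees it when it cannot be stored. A comment directly above the assignment would protect it, for example `/* Error now belongs to errp (or was freed); drop our pointer so qio_task_free() cannot free it again */`. The function's doc comment, which is presumably in a header not shown on this page, should likely also say that the caller owns the propagated Error and that a second call on the same task returns false. Only the body down to the closing brace of the `if` is visible here; the rest of the function lies outside the hunk.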
@ -127,7 +127,7 @@ static void test_task_failure(void)
|
||||||
g_assert(data.source == obj);
|
g_assert(data.source == obj);
|
||||||
g_assert(data.err == err);
|
g_assert(data.err == err);
|
||||||
g_assert(data.freed == false);
|
g_assert(data.freed == false);
|
||||||
|
error_free(data.err);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -238,6 +238,8 @@ static void test_task_thread_failure(void)
|
||||||
g_assert(data.source == obj);
|
g_assert(data.source == obj);
|
||||||
g_assert(data.err != NULL);
|
g_assert(data.err != NULL);
|
||||||
|
|
||||||
|
error_free(data.err);
|
||||||
|
|
||||||
self = g_thread_self();
|
self = g_thread_self();
|
||||||
|
|
||||||
/* Make sure the test_task_thread_worker actually got
|
/* Make sure the test_task_thread_worker actually got
|
||||||
|
|
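Review bot: Both added `error_free(data.err);` calls leave `data.err` pointing at freed memory while the test function keeps running; in test_task_thread_failure the body visibly continues with `self = g_thread_self();` and runs on past the end of the hunk. Following each call with `data.err = NULL;` would turn any later read of that field into an obvious NULL access instead of a use of freed memory. These frees are also what exercises the fix, since a regression would show up only as a double free when the task is released, so a one-line comment such as `/* we own the propagated error; freeing it here checks the task dropped its reference */` would make that intent clear. Whether the suite is run under a memory checker is not visible from this page.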