fix use after free

Message ID	1253881857-4256-1-git-send-email-glommer@redhat.com
State	Superseded
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Glauber Costa <glommer@redhat.com> To: qemu-devel@nongnu.org Date: Fri, 25 Sep 2009 08:30:57 -0400 Message-Id: <1253881857-4256-1-git-send-email-glommer@redhat.com> Cc: aliguori@us.ibm.com Subject: [Qemu-devel] [PATCH] fix use after free Precedence: list Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

1253881857-4256-1-git-send-email-glommer@redhat.com

State

Superseded

Headers

From: Glauber Costa <glommer@redhat.com>
To: qemu-devel@nongnu.org
Date: Fri, 25 Sep 2009 08:30:57 -0400
Message-Id: <1253881857-4256-1-git-send-email-glommer@redhat.com>
Cc: aliguori@us.ibm.com
Subject: [Qemu-devel] [PATCH] fix use after free
Precedence: list
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Glauber Costa Sept. 25, 2009, 12:30 p.m. UTC

We are using the vs structure when it was just freed. Classic use after free,
fix it.

Signed-off-by: Glauber Costa <glommer@redhat.com>
---
 vnc.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/vnc.c b/vnc.c
index 5eaef6a..592c9b3 100644
--- a/vnc.c
+++ b/vnc.c
@@ -918,8 +918,8 @@  static void vnc_disconnect_finish(VncState *vs)
     if (!vs->vd->clients)
         dcl->idle = 1;
 
-    qemu_free(vs);
     vnc_remove_timer(vs->vd);
+    qemu_free(vs);
 }
 
 int vnc_client_io_error(VncState *vs, int ret, int last_errno)

fix use after free

Commit Message

Patch