[v6,01/10] l2cap: fix access freed memory

Message ID	1408001361-13580-2-git-send-email-zhang.zhanghailiang@huawei.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: zhanghailiang <zhang.zhanghailiang@huawei.com> To: <qemu-devel@nongnu.org> Date: Thu, 14 Aug 2014 15:29:12 +0800 Message-ID: <1408001361-13580-2-git-send-email-zhang.zhanghailiang@huawei.com> In-Reply-To: <1408001361-13580-1-git-send-email-zhang.zhanghailiang@huawei.com> References: <1408001361-13580-1-git-send-email-zhang.zhanghailiang@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit Cc: kwolf@redhat.com, lkurusa@redhat.com, zhanghailiang <zhang.zhanghailiang@huawei.com>, mst@redhat.com, qemu-trivial@nongnu.org, jan.kiszka@siemens.com, riku.voipio@iki.fi, mjt@tls.msk.ru, peter.huangpeng@huawei.com, lcapitulino@redhat.com, stefanha@redhat.com, luonengjun@huawei.com, pbonzini@redhat.com, alex.bennee@linaro.org, rth@twiddle.net Subject: [Qemu-devel] [PATCH v6 01/10] l2cap: fix access freed memory Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

1408001361-13580-2-git-send-email-zhang.zhanghailiang@huawei.com

State

New

Headers

From: zhanghailiang <zhang.zhanghailiang@huawei.com>
To: <qemu-devel@nongnu.org>
Date: Thu, 14 Aug 2014 15:29:12 +0800
Message-ID: <1408001361-13580-2-git-send-email-zhang.zhanghailiang@huawei.com>
In-Reply-To: <1408001361-13580-1-git-send-email-zhang.zhanghailiang@huawei.com>
References: <1408001361-13580-1-git-send-email-zhang.zhanghailiang@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Cc: kwolf@redhat.com, lkurusa@redhat.com,
	zhanghailiang <zhang.zhanghailiang@huawei.com>, mst@redhat.com,
	qemu-trivial@nongnu.org, jan.kiszka@siemens.com,
	riku.voipio@iki.fi, mjt@tls.msk.ru, peter.huangpeng@huawei.com,
	lcapitulino@redhat.com, stefanha@redhat.com,
	luonengjun@huawei.com, pbonzini@redhat.com,
	alex.bennee@linaro.org, rth@twiddle.net
Subject: [Qemu-devel] [PATCH v6 01/10] l2cap: fix access freed memory
Precedence: list
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Zhanghailiang Aug. 14, 2014, 7:29 a.m. UTC

Pointer 'ch' will be used in function 'l2cap_channel_open_req_msg' after
it was previously freed in 'l2cap_channel_open'.
Assigned it to NULL after it is freed.

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
---
 hw/bt/l2cap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael S. Tsirkin Aug. 14, 2014, 10:19 a.m. UTC | #1

On Thu, Aug 14, 2014 at 03:29:12PM +0800, zhanghailiang wrote:
> Pointer 'ch' will be used in function 'l2cap_channel_open_req_msg' after
> it was previously freed in 'l2cap_channel_open'.
> Assigned it to NULL after it is freed.

Reviewed-by: Michael S. Tsirkin <mst@redhat.com>


> 
> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com>
> ---
>  hw/bt/l2cap.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/bt/l2cap.c b/hw/bt/l2cap.c
> index 2301d6f..591e047 100644
> --- a/hw/bt/l2cap.c
> +++ b/hw/bt/l2cap.c
> @@ -429,7 +429,7 @@ static struct l2cap_chan_s *l2cap_channel_open(struct l2cap_instance_s *l2cap,
>                  status = L2CAP_CS_NO_INFO;
>              } else {
>                  g_free(ch);
> -
> +                ch = NULL;
>                  result = L2CAP_CR_NO_MEM;
>                  status = L2CAP_CS_NO_INFO;
>              }
> -- 
> 1.7.12.4
>

Michael Tokarev Aug. 15, 2014, 2:58 p.m. UTC | #2

Applied to -trivial, thanks!

/mjt

diff --git a/hw/bt/l2cap.c b/hw/bt/l2cap.c
index 2301d6f..591e047 100644
--- a/hw/bt/l2cap.c
+++ b/hw/bt/l2cap.c
@@ -429,7 +429,7 @@  static struct l2cap_chan_s *l2cap_channel_open(struct l2cap_instance_s *l2cap,
                 status = L2CAP_CS_NO_INFO;
             } else {
                 g_free(ch);
-
+                ch = NULL;
                 result = L2CAP_CR_NO_MEM;
                 status = L2CAP_CS_NO_INFO;
             }

[v6,01/10] l2cap: fix access freed memory

Commit Message

Comments

Patch