Patchwork monitor: use after free in do_wav_capture()

login
register
mail settings
Submitter Isaku Yamahata
Date Jan. 21, 2011, 10:53 a.m.
Message ID <2dac1b89aab499f4cf2da4e26bbd4287cb1c62f8.1295607130.git.yamahata@valinux.co.jp>
Download mbox | patch
Permalink /patch/79827/
State New
Headers show

Comments

Isaku Yamahata - Jan. 21, 2011, 10:53 a.m.
use after free in do_wav_capture() on the error path.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
---
 monitor.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
Aurelien Jarno - Jan. 25, 2011, 8:24 a.m.
On Fri, Jan 21, 2011 at 07:53:55PM +0900, Isaku Yamahata wrote:
> use after free in do_wav_capture() on the error path.
> 
> Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
> ---
>  monitor.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)

Thanks, applied.

> diff --git a/monitor.c b/monitor.c
> index d291158..cab5f20 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -2511,6 +2511,7 @@ static void do_wav_capture(Monitor *mon, const QDict *qdict)
>      if (wav_start_capture (s, path, freq, bits, nchannels)) {
>          monitor_printf(mon, "Faied to add wave capture\n");
>          qemu_free (s);
> +        return;
>      }
>      QLIST_INSERT_HEAD (&capture_head, s, entries);
>  }
> -- 
> 1.7.1.1
> 
> 
>

Patch

diff --git a/monitor.c b/monitor.c
index d291158..cab5f20 100644
--- a/monitor.c
+++ b/monitor.c
@@ -2511,6 +2511,7 @@  static void do_wav_capture(Monitor *mon, const QDict *qdict)
     if (wav_start_capture (s, path, freq, bits, nchannels)) {
         monitor_printf(mon, "Faied to add wave capture\n");
         qemu_free (s);
+        return;
     }
     QLIST_INSERT_HEAD (&capture_head, s, entries);
 }