
[PULL,02/28] io: avoid double-free when closing QIOChannelBuffer

Message ID d656ec5ea823bcdb59b6512cb73b3f2f97a8308f.1464242913.git.amit.shah@redhat.com
State New

Commit Message

Amit Shah May 26, 2016, 6:11 a.m. UTC
From: "Daniel P. Berrange" <berrange@redhat.com>

The QIOChannelBuffer's close implementation will free
the internal data buffer. It failed to reset the pointer
to NULL though, so when the object is later finalized
it will free it a second time with a predictable crash.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-Id: <1461751518-12128-3-git-send-email-berrange@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
---
 io/channel-buffer.c | 1 +
 1 file changed, 1 insertion(+)

Patch

diff --git a/io/channel-buffer.c b/io/channel-buffer.c
index 3e5117b..43d7959 100644
--- a/io/channel-buffer.c
+++ b/io/channel-buffer.c
@@ -140,6 +140,7 @@  static int qio_channel_buffer_close(QIOChannel *ioc,
     QIOChannelBuffer *bioc = QIO_CHANNEL_BUFFER(ioc);
 
     g_free(bioc->data);
+    bioc->data = NULL;
     bioc->capacity = bioc->usage = bioc->offset = 0;
 
     return 0;
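
Review bot: The fix in qio_channel_buffer_close() comes without a test for the close-then-finalize sequence that the commit message says crashed; a unit test that closes a QIOChannelBuffer and then drops the last reference would keep the double free from coming back. The added `bioc->data = NULL;` is right, since g_free(NULL) is a no-op and the later free in finalize becomes harmless, but it is worth confirming that any read or write path reachable after close treats data == NULL with capacity == 0 as an empty buffer rather than dereferencing it, because that code is outside this hunk. A one-line comment here noting that the finalizer also frees data would explain why the reset matters.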