From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Date: Tue, 24 Mar 2020 15:36:28 +0000 (+0300)
Subject: migration/colo: fix use after free of local_err
X-Git-Tag: v4.2.1~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=09397e965739bd7da25bf1739a89fe2f245e8446;p=thirdparty%2Fqemu.git

migration/colo: fix use after free of local_err

local_err is used again in secondary_vm_do_failover() after
replication_stop_all(), so we must zero it. Otherwise try to set
non-NULL local_err will crash.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200324153630.11882-5-vsementsov@virtuozzo.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
(cherry picked from commit 27d07fcfa70c3afa0664288cbce5334ed9595a3a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---

diff --git a/migration/colo.c b/migration/colo.c
index 2c88aa57a29..6d46800aa6a 100644
--- a/migration/colo.c
+++ b/migration/colo.c
@@ -92,6 +92,7 @@ static void secondary_vm_do_failover(void)
     replication_stop_all(true, &local_err);
     if (local_err) {
         error_report_err(local_err);
+        local_err = NULL;
     }
 
     /* Notify all filters of all NIC to do checkpoint */