From: Marc-André Lureau
Date: Tue, 23 Feb 2016 18:10:51 +0000 (+0100)
Subject: qemu-char: avoid potential double-free
X-Git-Tag: v2.6.0-rc0~38^2~23
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=869a58af86d5bb2533908dc53cc28de6e85edf38;p=thirdparty%2Fqemu.git

qemu-char: avoid potential double-free

If tcp_set_msgfds() is called several times with NULL fds, this could lead to double-free.

Signed-off-by: Marc-André Lureau
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
---
diff --git a/qemu-char.c b/qemu-char.c index e0147f3e8bd..fc4611d3b80 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -2697,6 +2697,7 @@ static int tcp_set_msgfds(CharDriverState *chr, int *fds, int num) } /* clear old pending fd array */ g_free(s->write_msgfds); + s->write_msgfds = NULL; if (num) { s->write_msgfds = g_new(int, num);
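Review bot: In tcp_set_msgfds(), the added `s->write_msgfds = NULL;` after `g_free(s->write_msgfds);` resets only the pointer. The visible context does not show whether the stored fd count is also cleared when `num` is 0, so the write path could still see a non-zero count next to a NULL array. Please confirm the count is reset on that same path, or reset it beside this line. It would also help to state in the commit message that the stale pointer survives only when `num` is 0, since the `if (num)` branch reassigns it with `g_new(int, num)`.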