msmouse: Fix segfault caused by free the chr before chardev cleanup. - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Lin Ma	2016-09-15 16:31:58 +0200
committer	Paolo Bonzini	2016-09-22 20:20:53 +0200
commit	9e14037f05e99ca3b8a33d8be9a2a636bbf09326 (patch)
tree	cc370c0f4bd2e33a157672a4076608ba1a156b42 /hw/timer/pl031.c
parent	iscsi: Fix divide-by-zero regression on raw SG devices (diff)
download	qemu-9e14037f05e99ca3b8a33d8be9a2a636bbf09326.tar.gz qemu-9e14037f05e99ca3b8a33d8be9a2a636bbf09326.tar.xz qemu-9e14037f05e99ca3b8a33d8be9a2a636bbf09326.zip

msmouse: Fix segfault caused by free the chr before chardev cleanup.

Segfault happens when leaving qemu with msmouse backend: #0 0x00007fa8526ac975 in raise () at /lib64/libc.so.6 #1 0x00007fa8526add8a in abort () at /lib64/libc.so.6 #2 0x0000558be78846ab in error_exit (err=16, msg=0x558be799da10 ... #3 0x0000558be7884717 in qemu_mutex_destroy (mutex=0x558be93be750) at ... #4 0x0000558be7549951 in qemu_chr_free_common (chr=0x558be93be750) at ... #5 0x0000558be754999c in qemu_chr_free (chr=0x558be93be750) at ... #6 0x0000558be7549a20 in qemu_chr_delete (chr=0x558be93be750) at ... #7 0x0000558be754a8ef in qemu_chr_cleanup () at qemu-char.c:4643 #8 0x0000558be755843e in main (argc=5, argv=0x7ffe925d7118, ... The chr was freed by msmouse close callback before chardev cleanup, Then qemu_mutex_destroy triggered raise(). Because freeing chr is handled by qemu_chr_free_common, Remove the free from msmouse_chr_close to avoid double free. Fixes: c1111a24a3358ecd2f17be7c8b117cfe8bc5e5f8 Cc: qemu-stable@nongnu.org Signed-off-by: Lin Ma <lma@suse.com> Message-Id: <20160915143158.4796-1-lma@suse.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'hw/timer/pl031.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: