WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] [PATCH] qemu: fix use after free

from [Jan Beulich] [Permanent Link][Original]
To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] qemu: fix use after free
From: "Jan Beulich" <JBeulich@xxxxxxxxxx>
Date: Fri, 14 Jan 2011 10:58:32 +0000
Cc: Chun Yan Liu <CYLiu@xxxxxxxxxx>
Delivery-date: Fri, 14 Jan 2011 03:00:08 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Commit 99d53fbb69d3e03be61ae10506a304a3d08d792f introduced this, and
the compiler indirectly warned about it.

The patch is only compile tested (I don't even know how to reproduce
the original problem), but I suppose worth applying regardless.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>
Cc: Chun Yan Liu <cyliu@xxxxxxxxxx>

--- a/keymaps.c
+++ b/keymaps.c
@@ -56,15 +56,12 @@ typedef struct {
 
 static void del_key_range(struct key_range **krp, int code) {
     struct key_range *kr;
-    struct key_range *kr_pr;
-    for (kr = *krp; kr; kr_pr = kr, kr = kr->next) {
+    while ((kr = *krp) != NULL) {
         if (code >= kr->start && code <= kr->end) {
-            if (kr == *krp)
-                *krp = kr->next;
-            else
-                kr_pr->next = kr->next;
+            *krp = kr->next;
             qemu_free(kr);
-        }
+        } else
+            krp = &kr->next;
     }
 }

Attachment: qemu-fix-7433.patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Re: Avoid alloc for xsave before xsave_init, Keir Fraser
Next by Date:  Re: [Xen-devel] [PATCH] MP interrupt delivery fix for xen-3.4, George Dunlap
Previous by Thread:  [Xen-devel] Remus python issue, Denis Chapligin
Next by Thread:  Re: [Xen-devel] [PATCH] qemu: fix use after free, Ian Jackson
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy