    Avoid use of free'd memory in auto destroy callback · 4e4c6620
    Committed by Daniel P. Berrange
    The autodestroy callback code has the following function
    called from a hash iterator
    
      qemuDriverCloseCallbackRun(void *payload,
                                 const void *name,
                                 void *opaque)
      {
        ...
        char *uuidstr = name;
        ...
    
        dom = closeDef->cb(data->driver, dom, data->conn);
        if (dom)
            virObjectUnlock(dom);
    
        virHashRemoveEntry(data->driver->closeCallbacks, uuidstr);
      }
    
    The closeDef->cb function may well cause the current callback
    to be removed, if it shuts down 'dom'. As such the use of
    'uuidstr' in virHashRemoveEntry is accessing free'd memory.
    We must make a copy of the uuid str before invoking the
    callback to be safe.
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
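The hazard the commit message describes, reduced to a constructed, self-contained C example that is added here and is not libvirt's code: a table whose entries own their key string, a callback that may remove its own entry (freeing the key the iterator handed out as `name`), and the fixed callback body that copies the key before invoking it. `table_add`, `table_remove`, `close_cb` and `close_callback_run` are invented stand-ins for the hash table, `virHashRemoveEntry`, `closeDef->cb` and `qemuDriverCloseCallbackRun`.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for driver->closeCallbacks: a tiny table whose entries
 * own their key, the property that makes the original callback unsafe. */
#define SLOTS 4
struct table { char *key[SLOTS]; int running[SLOTS]; };

static int table_add(struct table *t, const char *key, int running)
{
    for (int i = 0; i < SLOTS; i++) {
        if (t->key[i]) continue;
        t->key[i] = strdup(key); t->running[i] = running;
        return t->key[i] ? 0 : -1;
    }
    return -1;
}

/* Removing an entry frees the buffer the iterator handed out as 'name'. */
static int table_remove(struct table *t, const char *key)
{
    for (int i = 0; i < SLOTS; i++) {
        if (!t->key[i] || strcmp(t->key[i], key) != 0) continue;
        free(t->key[i]); t->key[i] = NULL;
        return 0;
    }
    return -1; /* absent, or already removed by the callback */
}

/* Models closeDef->cb: shutting down a running domain drops its own entry,
 * freeing the very key the caller was handed. */
static void close_cb(struct table *t, const char *uuid, int running)
{
    if (running) table_remove(t, uuid);
}

/* Fixed callback body: returns 1 if the explicit remove did the work,
 * 0 if the callback already had, -1 if the copy could not be made. */
static int close_callback_run(struct table *t, const char *name, int running)
{
    char *uuidstr = strdup(name);       /* copy taken BEFORE invoking cb */
    if (!uuidstr) return -1;
    close_cb(t, name, running);         /* 'name' may be freed from here on */
    int rc = table_remove(t, uuidstr);  /* our copy, so no dangling read */
    free(uuidstr);
    return rc == 0 ? 1 : 0;
}
```

Whatever iterates the table calls `close_callback_run` once per live key, as the hash iterator does in the original; without the `strdup`, the second `table_remove` would read a freed buffer whenever the callback had already removed the entry.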
Changed file: qemu_conf.c (19.7 KB)