提交 bb44619b 编写于 作者: K Kevin Wolf 提交者: Stefan Hajnoczi

blockdev: Keep a copy of DriveInfo.serial

Pointing to a QemuOpts element is surprising and can lead to subtle
use-after-free errors when the QemuOpts is freed after all options are
parsed.
Signed-off-by: NKevin Wolf <kwolf@redhat.com>
Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
上级 376609cc
...@@ -191,6 +191,7 @@ static void drive_uninit(DriveInfo *dinfo) ...@@ -191,6 +191,7 @@ static void drive_uninit(DriveInfo *dinfo)
bdrv_delete(dinfo->bdrv); bdrv_delete(dinfo->bdrv);
g_free(dinfo->id); g_free(dinfo->id);
QTAILQ_REMOVE(&drives, dinfo, next); QTAILQ_REMOVE(&drives, dinfo, next);
g_free(dinfo->serial);
g_free(dinfo); g_free(dinfo);
} }
...@@ -566,7 +567,9 @@ DriveInfo *drive_init(QemuOpts *opts, BlockInterfaceType block_default_type) ...@@ -566,7 +567,9 @@ DriveInfo *drive_init(QemuOpts *opts, BlockInterfaceType block_default_type)
dinfo->trans = translation; dinfo->trans = translation;
dinfo->opts = opts; dinfo->opts = opts;
dinfo->refcount = 1; dinfo->refcount = 1;
dinfo->serial = serial; if (serial != NULL) {
dinfo->serial = g_strdup(serial);
}
QTAILQ_INSERT_TAIL(&drives, dinfo, next); QTAILQ_INSERT_TAIL(&drives, dinfo, next);
bdrv_set_on_error(dinfo->bdrv, on_read_error, on_write_error); bdrv_set_on_error(dinfo->bdrv, on_read_error, on_write_error);
......
...@@ -40,7 +40,7 @@ struct DriveInfo { ...@@ -40,7 +40,7 @@ struct DriveInfo {
int media_cd; int media_cd;
int cyls, heads, secs, trans; int cyls, heads, secs, trans;
QemuOpts *opts; QemuOpts *opts;
const char *serial; char *serial;
QTAILQ_ENTRY(DriveInfo) next; QTAILQ_ENTRY(DriveInfo) next;
int refcount; int refcount;
}; };
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册