github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-06-21 21:19:35 +00:00
Code Issues Projects Releases Wiki Activity

DM: bugfix - use of freed memory in 'monitor_close()'

Browse Source 
-memory was dereferenced after being freed:
   MACRO 'LIST_FOREACH()' dereference
  'client' for next list node after 'client'
   was freed.

Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
This commit is contained in:
Yonghua Huang 2018-05-23 20:09:09 +08:00 committed by lijinxia
parent 744e09bc7e
commit 3df0fbfefb
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
devicemodel/core/monitor.c
View File

@ -453,7 +453,7 @@ int monitor_init(struct vmctx *ctx)
void monitor_close(void) void monitor_close(void)
{ {
struct vmm_client *client; struct vmm_client *client, *pclient;
if (!monitor_thread) if (!monitor_thread)
return; return;
shutdown(monitor_fd, SHUT_RDWR); shutdown(monitor_fd, SHUT_RDWR);
@ -465,7 +465,8 @@ void monitor_close(void)
/* client buf-mem and fd may be still in use by msg-handler */ /* client buf-mem and fd may be still in use by msg-handler */
/* which is handled by mevent */ /* which is handled by mevent */
pthread_mutex_lock(&client_mutex); pthread_mutex_lock(&client_mutex);
LIST_FOREACH(client, &client_head, list) { list_foreach_safe(client, &client_head, list, pclient) {
LIST_REMOVE(client, list);
vmm_client_free_res(client); vmm_client_free_res(client);
} }
pthread_mutex_unlock(&client_mutex); pthread_mutex_unlock(&client_mutex);