[Spice-devel] [PATCH 01/10] char-device: Avoid use-after-free
Frediano Ziglio
fziglio at redhat.com
Wed Mar 30 17:20:58 UTC 2016
From: Christophe Fergeau <cfergeau at redhat.com>
Reset pointer after freeing the structure pointing to it.
---
server/char-device.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/server/char-device.c b/server/char-device.c
index 6704678..53bfe82 100644
--- a/server/char-device.c
+++ b/server/char-device.c
@@ -211,6 +211,7 @@ static void spice_char_device_client_free(SpiceCharDeviceState *dev,
if (dev_client->wait_for_tokens_timer) {
reds_core_timer_remove(dev->priv->reds, dev_client->wait_for_tokens_timer);
+ dev_client->wait_for_tokens_timer = NULL;
}
spice_char_device_client_send_queue_free(dev, dev_client);
--
2.5.5
More information about the Spice-devel
mailing list