[Spice-devel] [PATCH 01/10] char-device: Avoid use-after-free
Jonathon Jongsma
jjongsma at redhat.com
Wed Mar 30 19:18:30 UTC 2016
On Wed, 2016-03-30 at 18:20 +0100, Frediano Ziglio wrote:
> From: Christophe Fergeau <cfergeau at redhat.com>
>
> Reset pointer after freeing the structure pointing to it.
> ---
> server/char-device.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/server/char-device.c b/server/char-device.c
> index 6704678..53bfe82 100644
> --- a/server/char-device.c
> +++ b/server/char-device.c
> @@ -211,6 +211,7 @@ static void
> spice_char_device_client_free(SpiceCharDeviceState *dev,
>
> if (dev_client->wait_for_tokens_timer) {
> reds_core_timer_remove(dev->priv->reds, dev_client
> ->wait_for_tokens_timer);
> + dev_client->wait_for_tokens_timer = NULL;
> }
>
> spice_char_device_client_send_queue_free(dev, dev_client);
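Review bot: the added `dev_client->wait_for_tokens_timer = NULL;` inside the `if` block is not explained by the commit message, which does not say which later access to the timer pointer it protects against. The only call visible after it in this hunk is `spice_char_device_client_send_queue_free(dev, dev_client)`; if that is the path that can reach the stale timer, name it in the commit message or in a short comment above the assignment, so a later cleanup does not drop the line as a redundant store in a function that is already freeing the client.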
Acked-by: Jonathon Jongsma <jjongsma at redhat.com>