| commit | a942d8fa01f65279cdc135f4294db611bbc088ef | |
| author | Paolo Bonzini <pbonzini@redhat.com> | |
| Mon, 4 Jul 2016 12:40:59 +0000 (4 14:40 +0200) | ||
| committer | Paolo Bonzini <pbonzini@redhat.com> | |
| Tue, 12 Jul 2016 16:31:27 +0000 (12 18:31 +0200) | ||
| tree | 53b1a60d73631a374879b545ff7b8c8c95e3c615 | treesnapshot (tar.gz zip) |
| parent | 28ba61e7ff2a824e79a477192aee8ee20b95f194 | commitdiff |
json-streamer: fix double-free on exiting during a parse
Now that json-streamer tries not to leak tokens on incomplete parse,
the tokens can be freed twice if QEMU destroys the json-streamer
object during the parser->emit call. To fix this, create the new
empty GQueue earlier, so that it is already in place when the old
one is passed to parser->emit.
Reported-by: Changlong Xie <xiecl.fnst@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1467636059-12557-1-git-send-email-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Now that json-streamer tries not to leak tokens on incomplete parse,
the tokens can be freed twice if QEMU destroys the json-streamer
object during the parser->emit call. To fix this, create the new
empty GQueue earlier, so that it is already in place when the old
one is passed to parser->emit.
Reported-by: Changlong Xie <xiecl.fnst@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <1467636059-12557-1-git-send-email-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| qobject/json-streamer.c | diffblobblamehistory |