OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
3083a1bbb8
qemu-e2k/migration
History
Peter Maydell f151f8aca5 migration/ram.c: Fix use-after-free in multifd_recv_unfill_packet() 
Coverity points out (CID 1400442) that in this code:

    if (packet->pages_alloc > p->pages->allocated) {
        multifd_pages_clear(p->pages);
        multifd_pages_init(packet->pages_alloc);
    }

we free p->pages in multifd_pages_clear() but continue to
use it in the following code. We also leak memory, because
multifd_pages_init() returns the pointer to a new MultiFDPages_t
struct but we are ignoring its return value.

Fix both of these bugs by adding the missing assignment of
the newly created struct to p->pages.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-id: 20190409151830.6024-1-peter.maydell@linaro.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-04-09 20:46:34 +01:00
..
block-dirty-bitmap.c bitmaps: Fix typo in function name 2019-03-12 12:05:49 -04:00
block.c migration/block: use qemu_iovec_init_buf 2019-02-22 09:42:13 +00:00
block.h
channel.c migration: fix the multifd code when receiving less channels 2019-01-23 15:02:07 +00:00
channel.h
colo-failover.c qapi/migration.json: Rename COLO unknown mode to none mode. 2018-10-19 11:15:03 +08:00
colo.c Migration/colo.c: Make user obtain the last COLO mode info after failover 2019-03-25 18:45:46 +01:00
exec.c migration: unify incoming processing 2018-07-10 12:48:53 +01:00
exec.h
fd.c migration: unify incoming processing 2018-07-10 12:48:53 +01:00
fd.h
global_state.c migration: Use strnlen() for fixed-size string 2019-01-17 21:10:57 -05:00
Makefile.objs COLO: Remove colo_state migration struct 2018-10-19 11:15:03 +08:00
migration.c migration: Support adding migration blockers earlier 2019-04-02 13:49:36 +02:00
migration.h Revert "migration: move only_migratable to MigrationState" 2019-04-02 13:38:05 +02:00
page_cache.c
page_cache.h
postcopy-ram.c migration: Add an ability to ignore shared RAM blocks 2019-03-06 10:49:17 +00:00
postcopy-ram.h
qemu-file-channel.c migration: invoke qio_channel_yield only when qemu_in_coroutine() 2018-08-22 12:13:59 +02:00
qemu-file-channel.h
qemu-file.c migration: disable RDMA WRITE after postcopy started 2018-08-22 12:12:07 +02:00
qemu-file.h slirp: use libslirp migration code 2019-03-07 12:46:31 +01:00
qjson.c
qjson.h
ram.c migration/ram.c: Fix use-after-free in multifd_recv_unfill_packet() 2019-04-09 20:46:34 +01:00
ram.h migration: multifd_save_cleanup() can't fail, simplify 2019-01-23 15:02:07 +00:00
rdma.c migration/rdma: Check qemu_rdma_init_one_block 2019-03-25 18:45:10 +01:00
rdma.h
savevm.c Revert "migration: move only_migratable to MigrationState" 2019-04-02 13:38:05 +02:00
savevm.h savevm: split the process of different stages for loadvm/savevm 2018-10-19 11:15:03 +08:00
socket.c migration: fix memory leak 2019-03-12 15:18:40 +01:00
socket.h
tls.c migration: add support for a "tls-authz" migration parameter 2019-03-25 18:13:47 +01:00
tls.h
trace-events Pull request 2019-03-25 18:15:43 +00:00
vmstate-types.c vmstate: constify VMStateField 2018-11-27 15:35:15 +01:00
vmstate.c migration: Add post_save function to VMStateDescription 2019-01-21 10:38:55 +00:00
xbzrle.c
xbzrle.h