ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

qemu-char: fix qemu_chr_fe_set_msgfds() crash when disconnected 

Calling qemu_chr_fe_set_msgfds() on unconnected socket leads to crash
since s->ioc is NULL in this case. Return an error earlier instead.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This commit is contained in:
Marc-André Lureau 2016-07-27 01:15:08 +04:00 committed by Michael S. Tsirkin
parent 4afba63120
commit 5c7eaabf65
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
qemu-char.c
View File

@ -2760,14 +2760,16 @@ static int tcp_set_msgfds(CharDriverState *chr, int *fds, int num)
{ {
TCPCharDriver *s = chr->opaque; TCPCharDriver *s = chr->opaque;
if (!qio_channel_has_feature(s->ioc,
QIO_CHANNEL_FEATURE_FD_PASS)) {
return -1;
}
/* clear old pending fd array */ /* clear old pending fd array */
g_free(s->write_msgfds); g_free(s->write_msgfds);
s->write_msgfds = NULL; s->write_msgfds = NULL;
if (!s->connected ||
!qio_channel_has_feature(s->ioc,
QIO_CHANNEL_FEATURE_FD_PASS)) {
return -1;
}
if (num) { if (num) {
s->write_msgfds = g_new(int, num); s->write_msgfds = g_new(int, num);
memcpy(s->write_msgfds, fds, num * sizeof(int)); memcpy(s->write_msgfds, fds, num * sizeof(int));