|
 |
cd9d161 |
From 72e8677ee72152245f5dc222a85f83a6a382efe8 Mon Sep 17 00:00:00 2001
|
|
|
cd9d161 |
From: Kevin Wolf <kwolf@redhat.com>
|
|
|
cd9d161 |
Date: Wed, 26 Oct 2011 11:03:01 +0200
|
|
|
cd9d161 |
Subject: [PATCH] block: Fix bdrv_open use after free
|
|
|
cd9d161 |
MIME-Version: 1.0
|
|
|
cd9d161 |
Content-Type: text/plain; charset=UTF-8
|
|
|
cd9d161 |
Content-Transfer-Encoding: 8bit
|
|
|
cd9d161 |
|
|
|
cd9d161 |
tmp_filename was used outside the block it was defined in, i.e. after it went
|
|
|
cd9d161 |
out of scope. Move its declaration to the top level.
|
|
|
cd9d161 |
|
|
|
cd9d161 |
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
|
cd9d161 |
(cherry picked from commit 2b5728164fcf5211bbae8d3c2fc6df62dd6b2295)
|
|
|
cd9d161 |
|
|
|
cd9d161 |
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
|
|
cd9d161 |
Signed-off-by: Andreas Färber <afaerber@suse.de>
|
|
|
cd9d161 |
---
|
|
|
cd9d161 |
block.c | 2 +-
|
|
|
cd9d161 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
cd9d161 |
|
|
|
cd9d161 |
diff --git a/block.c b/block.c
|
|
|
cd9d161 |
index 9549b9e..4ebb18b 100644
|
|
|
cd9d161 |
--- a/block.c
|
|
|
cd9d161 |
+++ b/block.c
|
|
|
cd9d161 |
@@ -526,6 +526,7 @@ int bdrv_open(BlockDriverState *bs, const char *filename, int flags,
|
|
|
cd9d161 |
BlockDriver *drv)
|
|
|
cd9d161 |
{
|
|
|
cd9d161 |
int ret;
|
|
|
cd9d161 |
+ char tmp_filename[PATH_MAX];
|
|
|
cd9d161 |
|
|
|
cd9d161 |
if (flags & BDRV_O_SNAPSHOT) {
|
|
|
cd9d161 |
BlockDriverState *bs1;
|
|
|
cd9d161 |
@@ -533,7 +534,6 @@ int bdrv_open(BlockDriverState *bs, const char *filename, int flags,
|
|
|
cd9d161 |
int is_protocol = 0;
|
|
|
cd9d161 |
BlockDriver *bdrv_qcow2;
|
|
|
cd9d161 |
QEMUOptionParameter *options;
|
|
|
cd9d161 |
- char tmp_filename[PATH_MAX];
|
|
|
cd9d161 |
char backing_filename[PATH_MAX];
|
|
|
cd9d161 |
|
|
|
cd9d161 |
/* if snapshot, we create a temporary backing file and open it
|
|
|
cd9d161 |
--
|
|
|
cd9d161 |
1.7.11.2
|
|
|
cd9d161 |
|