    msmouse: Fix segfault caused by free the chr before chardev cleanup. · 9e14037f
    Lin Ma authored
    Segfault happens when leaving qemu with msmouse backend:
    
     #0  0x00007fa8526ac975 in raise () at /lib64/libc.so.6
     #1  0x00007fa8526add8a in abort () at /lib64/libc.so.6
     #2  0x0000558be78846ab in error_exit (err=16, msg=0x558be799da10 ...
     #3  0x0000558be7884717 in qemu_mutex_destroy (mutex=0x558be93be750) at ...
     #4  0x0000558be7549951 in qemu_chr_free_common (chr=0x558be93be750) at ...
     #5  0x0000558be754999c in qemu_chr_free (chr=0x558be93be750) at ...
     #6  0x0000558be7549a20 in qemu_chr_delete (chr=0x558be93be750) at ...
     #7  0x0000558be754a8ef in qemu_chr_cleanup () at qemu-char.c:4643
     #8  0x0000558be755843e in main (argc=5, argv=0x7ffe925d7118, ...
    
    The chr was freed by msmouse close callback before chardev cleanup,
    then qemu_mutex_destroy triggered raise().
    
    Because freeing chr is handled by qemu_chr_free_common, remove the free from
    msmouse_chr_close to avoid double free.
    
    Fixes: c1111a24
    Cc: qemu-stable@nongnu.org
    Signed-off-by: Lin Ma <lma@suse.com>
    Message-Id: <20160915143158.4796-1-lma@suse.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Name
Makefile.objs
baum.c
hostmem-file.c
hostmem-ram.c
hostmem.c
msmouse.c
rng-egd.c
rng-random.c
rng.c
testdev.c
tpm.c