qemu-kvm/kvm-pr-manager-Fix-invalid-...

From 84728251439a3b73a57a8d72cc4d39307207cc01 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Fri, 20 Sep 2019 16:48:41 +0100
Subject: [PATCH 4/4] pr-manager: Fix invalid g_free() crash bug
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RH-Author: Paolo Bonzini <pbonzini@redhat.com>
Message-id: <20190920164841.10424-1-pbonzini@redhat.com>
Patchwork-id: 90824
O-Subject: [RHEL-AV-8.1.0 qemu-kvm PATCH v2] pr-manager: Fix invalid g_free() crash bug
Bugzilla: 1753992
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Markus Armbruster <armbru@redhat.com>

From: Markus Armbruster <armbru@redhat.com>

BZ: 1753992
BRANCH: rhel-av-8.1.0/master-4.1.0
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=23612762
Upstream: 6b9d62c2a9e83bbad73fb61406f0ff69b46ff6f3

pr_manager_worker() passes its @opaque argument to g_free().  Wrong;
it points to pr_manager_worker()'s automatic @data.  Broken when
commit 2f3a7ab39be converted @data from heap- to stack-allocated.  Fix
by deleting the g_free().

Fixes: 2f3a7ab39bec4ba8022dc4d42ea641165b004e3e
Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 6b9d62c2a9e83bbad73fb61406f0ff69b46ff6f3)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
 scsi/pr-manager.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/scsi/pr-manager.c b/scsi/pr-manager.c
index ee43663..0c866e8 100644
--- a/scsi/pr-manager.c
+++ b/scsi/pr-manager.c
@@ -39,7 +39,6 @@ static int pr_manager_worker(void *opaque)
     int fd = data->fd;
     int r;

-    g_free(data);
     trace_pr_manager_run(fd, hdr->cmdp[0], hdr->cmdp[1]);

     /* The reference was taken in pr_manager_execute.  */
--
1.8.3.1