The logic of pcmcia_socket_unregister is wrong, which will cause an access to freed memory
Signed-off-by: zhanghailiang <zhang.zhanghaili...@huawei.com> --- Hi, The function pcmcia_socket_unregister seemes to be unused, Should it be removed? Thanks. --- vl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/vl.c b/vl.c index dc792fe..bf659b7 100644 --- a/vl.c +++ b/vl.c @@ -1545,11 +1545,13 @@ void pcmcia_socket_unregister(PCMCIASocket *socket) struct pcmcia_socket_entry_s *entry, **ptr; ptr = &pcmcia_sockets; - for (entry = *ptr; entry; ptr = &entry->next, entry = *ptr) + for (entry = *ptr; entry; ptr = &entry->next, entry = *ptr) { if (entry->socket == socket) { *ptr = entry->next; g_free(entry); + break; } + } } void pcmcia_info(Monitor *mon, const QDict *qdict) -- 1.7.12.4
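Review bot: the commit message should say where the freed memory is read, since the hunk in pcmcia_socket_unregister does not make it obvious. In the old loop, after `g_free(entry)` the for-increment `ptr = &entry->next, entry = *ptr` still runs and loads `entry->next` from the entry that was just freed. The added `break` avoids that, but it also means only the first entry whose `entry->socket == socket` is unlinked. If a socket can never be registered twice, state that in the message. Otherwise, keep iterating by advancing `ptr` only when the entry is not removed, so that `*ptr = entry->next` followed by `g_free(entry)` leaves `ptr` in place and the next `entry = *ptr` reads a live node. As for the question in the cover note, if the function really has no callers, removing it in this patch is simpler than fixing it.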