From: Marc-André Lureau <marcandre.lur...@redhat.com> If tcp_set_msgfds() is called several times with NULL fds, this could lead to a double free.
Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> --- qemu-char.c | 1 + 1 file changed, 1 insertion(+) diff --git a/qemu-char.c b/qemu-char.c index d956f8d..bc37628 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -2713,6 +2713,7 @@ static int tcp_set_msgfds(CharDriverState *chr, int *fds, int num) /* clear old pending fd array */ if (s->write_msgfds) { g_free(s->write_msgfds); + s->write_msgfds = NULL; } if (num) { -- 2.4.3
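Review bot: once s->write_msgfds is reset to NULL right after g_free(), the enclosing `if (s->write_msgfds)` guard is redundant, since g_free(NULL) is a no-op; dropping the guard would leave the two lines `g_free(s->write_msgfds); s->write_msgfds = NULL;` unconditional and make the invariant (pointer is either valid or NULL) easier to see. The commit message would also be clearer if it named the call path that invokes tcp_set_msgfds() with NULL fds more than once, so a reader can tell which sequence used to trigger the double free.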