* Daniel P. Berrange (berra...@redhat.com) wrote: > The QIOChannelBuffer's close implementation will free > the internal data buffer. It failed to reset the pointer > to NULL though, so when the object is later finalized > it will free it a second time with predictable crash. > > Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilb...@redhat.com> Dave > --- > io/channel-buffer.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/io/channel-buffer.c b/io/channel-buffer.c > index 3e5117b..43d7959 100644 > --- a/io/channel-buffer.c > +++ b/io/channel-buffer.c > @@ -140,6 +140,7 @@ static int qio_channel_buffer_close(QIOChannel *ioc, > QIOChannelBuffer *bioc = QIO_CHANNEL_BUFFER(ioc); > > g_free(bioc->data); > + bioc->data = NULL; > bioc->capacity = bioc->usage = bioc->offset = 0; > > return 0; > -- > 2.5.0 > -- Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
