On 12/20/2017 09:40 PM, linzhecheng wrote:
> If qemu_thread_args is freed here, start_routine(arg) will lead to a
> use-after-free because arg equals qemu_thread_args.
No, we explicitly copied qemu_thread_args->arg into a local variable prior to
freeing qemu_thread_args, so that we do not have to dereference the freed
variable.
OK, that's true.
By the way, your mailer is breaking threading; it is omitting
'In-Reply-To:' and 'References:' headers, which makes every mail from
you show up as a new top-level thread, rather than properly threaded to
what you are responding to.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
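The ordering the reply describes, as an added illustration that is not part of this thread and not QEMU's own qemu_thread_start: the wrapper owns the heap-allocated argument block, copies both fields into locals, frees the block, and then calls the routine through the locals only. The struct and function names are assumed; the worker and its input are constructed for the example, and the wrapper is called directly rather than through pthread_create so it runs without a threads library (the ownership rule is the same on a real thread). The use-after-free variant is kept beside it for contrast and is never called.

```c
#include <stdlib.h>

/* Argument block handed to a thread entry point. Assumed shape, modelled on
 * the qemu_thread_args discussed in this thread; not QEMU's own code. */
typedef struct ThreadArgs {
    void *(*start_routine)(void *);
    void *arg;
} ThreadArgs;

/* Trampoline as the reply describes it: the block is heap-allocated by the
 * caller and owned by the trampoline, so the trampoline frees it. Both fields
 * are copied into locals BEFORE free(), and only the locals are used after
 * it, so nothing dereferences the freed block. */
void *thread_trampoline_safe(void *opaque)
{
    ThreadArgs *args = opaque;
    void *(*start_routine)(void *) = args->start_routine;
    void *arg = args->arg;

    free(args);                 /* block is dead from here on */
    return start_routine(arg);  /* uses the locals only */
}

/* The ordering the question worried about: the block is read after free().
 * Kept only for contrast and never called by the checks below; under
 * -fsanitize=address a call to it reports heap-use-after-free. */
void *thread_trampoline_uaf(void *opaque)
{
    ThreadArgs *args = opaque;

    free(args);
    return args->start_routine(args->arg);  /* BUG: reads freed memory */
}

/* Sample worker (constructed for this example): doubles the int it is
 * given, counts how often it ran, and returns its argument pointer. */
static int worker_calls;

void *doubling_worker(void *arg)
{
    int *value = arg;

    worker_calls++;
    *value *= 2;
    return value;
}

int doubling_worker_calls(void)
{
    return worker_calls;
}

/* Build the argument block the way a thread-creation helper would and run
 * it through the safe trampoline. Called directly rather than via
 * pthread_create so the example runs without a threads library; the
 * ownership rule is identical on a real thread. Returns the worker's result,
 * or -1 if allocation failed. */
int run_doubling_worker(int *value)
{
    ThreadArgs *args = malloc(sizeof(*args));
    int *result;

    if (!args) {
        return -1;
    }
    args->start_routine = doubling_worker;
    args->arg = value;

    result = thread_trampoline_safe(args);  /* frees args internally */
    return *result;
}
```

Building with `-fsanitize=address` and calling thread_trampoline_uaf with a malloc'd block is the quickest way to see the difference: the safe wrapper runs clean, the contrast one reports a heap-use-after-free on the read of args->start_routine.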