In migration_shutdown, the global variable current_migration is freed but not assigned to NULL, which may cause a heap-use-after-free problem if the following code logic is abnormal.
Signed-off-by: Keqian Zhu <zhukeqi...@huawei.com> --- migration/migration.c | 1 + 1 file changed, 1 insertion(+) diff --git a/migration/migration.c b/migration/migration.c index 481a590f72..effffd7332 100644 --- a/migration/migration.c +++ b/migration/migration.c @@ -189,6 +189,7 @@ void migration_shutdown(void) */ migrate_fd_cancel(current_migration); object_unref(OBJECT(current_migration)); + current_migration = NULL; } /* For outgoing */ -- 2.19.1
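Review bot: The new `current_migration = NULL;` after `object_unref(OBJECT(current_migration));` is the right place for the assignment, but note that object_unref only drops one reference, so the object is reclaimed only when its count reaches zero; the real effect of this line is that any code running after migration_shutdown that still reads the global now sees NULL rather than a dangling pointer. That turns a silent use-after-free into a deterministic NULL dereference, which is the safer failure mode but still a crash, so the commit message should say so and the callers that can run after shutdown should be checked for NULL handling. Also consider stating in the description which "following code logic" can reach the stale pointer, since "if the following code logic is abnormal" does not tell a reviewer what path is being defended against.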