On 11/16/2011 09:28 AM, Zhi Yong Wu wrote:
> +static void virtio_scsi_complete_req(VirtIOSCSIReq *req) > +{ > + VirtQueue *vq = req->vq; > + virtqueue_push(vq,&req->elem, req->qsgl.size + req->elem.in_sg[0].iov_len); > + qemu_sglist_destroy(&req->qsgl); > + if (req->sreq) { > + req->sreq->hba_private = NULL; > + scsi_req_unref(req->sreq); > + } > + g_free(req); > + virtio_notify(&req->dev->vdev, vq);req is used-after-free?
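Review bot: at the end of virtio_scsi_complete_req, virtio_notify(&req->dev->vdev, vq) reads req->dev after g_free(req) has already released req, so the notify dereferences freed memory. vq is already cached in a local at the top of the function; either cache the device pointer the same way before the free, or move the virtio_notify call above g_free(req), so that nothing touches req once it has been freed.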
Yes, thanks for spotting it.

Paolo