From: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Date: Tue, 30 Apr 2024 08:56:44 +0000 (+0300)
Subject: migration: process_incoming_migration_co(): fix reporting s->error
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=30116e9079e3f395ef186960d986c7d073d7eb8a;p=qemu.git

migration: process_incoming_migration_co(): fix reporting s->error

It's bad idea to leave critical section with error object freed, but
s->error still set, this theoretically may lead to use-after-free
crash. Let's avoid it.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
---

diff --git a/migration/migration.c b/migration/migration.c
index 0d26db47f7..b307a4bc59 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -784,6 +784,7 @@ process_incoming_migration_co(void *opaque)
         if (migrate_has_error(s)) {
             WITH_QEMU_LOCK_GUARD(&s->error_mutex) {
                 error_report_err(s->error);
+                s->error = NULL;
             }
         }
         error_report("load of migration failed: %s", strerror(-ret));