virtio-blk: fix use-after-free while handling scsi commands

The scsi passthrough handler falls through after completing a request into the failure path, resulting in a use after free. Reproducible by running a guest with aio=native on a block device. Reported-by: Stefan Priebe <s.priebe@profihost.ag> Signed-off-by: Avi Kivity <avi@redhat.com> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2024-12-04 17:23:39 +08:00 · 2012-08-06 15:49:03 +03:00 · 2012-08-06 15:49:03 +03:00 · 730a9c53b4
commit 730a9c53b4
parent 3d1d965297
1 changed files with 1 additions and 0 deletions
--- a/hw/virtio-blk.c
+++ b/hw/virtio-blk.c
@ -254,6 +254,7 @@ static void virtio_blk_handle_scsi(VirtIOBlockReq *req)

    virtio_blk_req_complete(req, status);
    g_free(req);
+    return;
 #else
    abort();
 #endif