block: fix dangling bs->explicit_options in block.c (!3) · Merge requests · Summer2021 / 210010499

谌翔 requested to merge stable-2.10 into main Aug 15, 2021

In some error paths it is possible to QDECREF a freed dangling explicit_options, resulting in a heap overflow crash. For example bdrv_open_inherit()'s fail unrefs it, then calls bdrv_unref which calls bdrv_close which also unrefs it.

Signed-off-by: Manos Pitsidianakis el13635@mail.ntua.gr Signed-off-by: Kevin Wolf kwolf@redhat.com

block: fix dangling bs->explicit_options in block.c

Merge request reports