fix use after free

We are using the vs structure when it was just freed. Classic use after free,
fix it.

Signed-off-by: Glauber Costa <glommer@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

diff --git a/vnc.c b/vnc.c
index 5eaef6a..592c9b3 100644 (file)
--- a/vnc.c
+++ b/vnc.c
@@ -918,8 +918,8 @@ static void vnc_disconnect_finish(VncState *vs)
     if (!vs->vd->clients)
         dcl->idle = 1;
 
-    qemu_free(vs);
     vnc_remove_timer(vs->vd);
+    qemu_free(vs);
 }
 
 int vnc_client_io_error(VncState *vs, int ret, int last_errno)