From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 31 Jul 2013 09:17:58 +0000 (+0200)
Subject: usb-redir: fix use-after-free
X-Git-Tag: Tizen_Studio_1.3_Release_p2.3.1~524^2~3^2~274^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a14ff8a650b5943ee6221b952494661f7cb3b5e2;p=sdk%2Femulator%2Fqemu.git

usb-redir: fix use-after-free

Reinitialize dev->cs to NULL after deleting it, to make sure it isn't
used afterwards.

Reported-by: Martin Cerveny <M.Cerveny@computer.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---

diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
index 8b8c010d94..e3b9f324b3 100644
--- a/hw/usb/redirect.c
+++ b/hw/usb/redirect.c
@@ -1334,6 +1334,7 @@ static void usbredir_handle_destroy(USBDevice *udev)
     USBRedirDevice *dev = DO_UPCAST(USBRedirDevice, dev, udev);
 
     qemu_chr_delete(dev->cs);
+    dev->cs = NULL;
     /* Note must be done after qemu_chr_close, as that causes a close event */
     qemu_bh_delete(dev->chardev_close_bh);