On Mon, Aug 20, 2012 at 02:22:40PM +0100, Stefan Hajnoczi wrote: > Net send functions have a return value where 0 means the packet has not > been sent and will be queued. A non-zero value means the packet was > sent or an error caused the packet to be dropped. > > This patch fixes two instances where packets are queued but we return > their size. This causes callers to believe the packets were sent. When > the caller uses the async send interface this creates a real problem > because the callback will be invoked for a packet that the caller > believed to be already sent. This bug can cause double-frees in the > caller. > > Signed-off-by: Stefan Hajnoczi <[email protected]> > --- > net/queue.c | 35 ++++++++++++++++------------------- > 1 file changed, 16 insertions(+), 19 deletions(-)
Applied to the net tree: https://github.com/stefanha/qemu/commits/net Stefan
