On 12/20/2017 09:29 PM, linzhecheng wrote:
+} QemuThreadArgs; + +static void *qemu_thread_start(void *args) { + QemuThreadArgs *qemu_thread_args = args; + void *(*start_routine)(void *) = qemu_thread_args->start_routine; + void *arg = qemu_thread_args->arg; + + /* Attempt to set the threads name; note that this is for debug, so + * we're not going to fail if we can't set it. + */ + pthread_setname_np(pthread_self(), qemu_thread_args->name); + g_free(qemu_thread_args->name); + g_free(qemu_thread_args);

If qemu_thread_args is freed here, start_routine(arg) will lead to use after free because arg equals qemu_thread_args.
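Review bot: the use-after-free concern does not hold for the visible lines: `start_routine` and `arg` are read into locals before `g_free(qemu_thread_args->name)` and `g_free(qemu_thread_args)`, and nothing after the two frees dereferences the struct. The hunk is cut off before the `start_routine(arg)` call, so the only thing left to confirm is at the call site, namely that the caller never passes the `QemuThreadArgs` allocation itself as `arg`; with that, the copy-out guarantees the freed block is not touched again.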
No, we explicitly copied qemu_thread_args->arg into a local variable prior to freeing qemu_thread_args, so that we do not have to dereference the freed variable.
-- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
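The copy-out-then-free ordering Eric describes, as an added C example that is not part of this thread or of QEMU's code: `ThreadArgs`, `thread_start`, `run_named_thread` and `square_on_thread` are hypothetical names chosen for the example, plain `malloc`/`free` stand in for GLib's allocators, and the name-setting call is compiled only on Linux.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical bundle of thread-start parameters (stands in for QemuThreadArgs). */
typedef struct {
    char *name;
    void *(*start_routine)(void *);
    void *arg;
} ThreadArgs;

/* Trampoline: read every field into a local, release the heap block,
 * then call the real start routine using only the locals. */
static void *thread_start(void *args)
{
    ThreadArgs *ta = args;
    void *(*start_routine)(void *) = ta->start_routine;
    void *arg = ta->arg;

#ifdef __linux__
    /* Debug aid only; a failure (e.g. name longer than 15 bytes) is ignored. */
    pthread_setname_np(pthread_self(), ta->name);
#endif
    free(ta->name);
    free(ta);
    /* ta is dangling from here on; the code below touches only the locals. */
    return start_routine(arg);
}

/* Allocate the bundle, run fn(arg) on a new thread, join it and return its
 * result. Returns NULL if allocation or thread creation fails. */
void *run_named_thread(const char *name, void *(*fn)(void *), void *arg)
{
    ThreadArgs *ta = malloc(sizeof(*ta));
    if (!ta) {
        return NULL;
    }
    ta->name = strdup(name);
    ta->start_routine = fn;
    ta->arg = arg;               /* caller's data, never the bundle itself */

    pthread_t tid;
    if (pthread_create(&tid, NULL, thread_start, ta) != 0) {
        /* Thread never started, so the trampoline will not free these. */
        free(ta->name);
        free(ta);
        return NULL;
    }
    void *ret = NULL;
    pthread_join(tid, &ret);
    return ret;
}

/* Sample worker: squares the long it is handed in place and returns its address. */
static void *square_worker(void *arg)
{
    long *v = arg;
    *v = *v * *v;
    return v;
}

/* Runs square_worker on a named thread; returns the square, or -1 on failure. */
long square_on_thread(long x)
{
    long v = x;
    void *r = run_named_thread("square-worker", square_worker, &v);
    return r ? *(long *)r : -1;
}

int main(void)
{
    printf("7 squared on a worker thread: %ld\n", square_on_thread(7));
    return 0;
}
```

Running it under AddressSanitizer or Valgrind is the practical check: swapping the two `free` calls above the local copies (so that `ta->start_routine` or `ta->arg` is read after `free(ta)`) is exactly the read-after-free those tools flag, while the ordering shown reports clean.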
