qemu_aio_get() does not zero allocated memory. Explicitly initialize laiocb->co to prevent an uninitialized memory access in qemu_laio_process_completion().
Note that this bug has never manifested itself. I guess we're lucky!

Signed-off-by: Stefan Hajnoczi <[email protected]>
---
I challenge you to find a place where laiocb->co is initialized and then we can drop this patch. I've double-checked and cannot find it...

 block/linux-aio.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/block/linux-aio.c b/block/linux-aio.c index d4b61fb251..a097653be6 100644 --- a/block/linux-aio.c +++ b/block/linux-aio.c @@ -440,6 +440,7 @@ BlockAIOCB *laio_submit(BlockDriverState *bs, LinuxAioState *s, int fd, int ret; laiocb = qemu_aio_get(&laio_aiocb_info, bs, cb, opaque); + laiocb->co = NULL; laiocb->nbytes = nb_sectors * BDRV_SECTOR_SIZE; laiocb->ctx = s; laiocb->ret = -EINPROGRESS; -- 2.21.0
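Review bot: the added `laiocb->co = NULL;` in laio_submit() should carry a short comment saying why it is needed, because nothing at the call site shows that qemu_aio_get() hands back unzeroed memory or that qemu_laio_process_completion() later inspects co; without that, a future cleanup could reasonably treat the assignment as redundant and drop it, reintroducing the uninitialized read. Something like `laiocb->co = NULL; /* callback-based request; qemu_aio_get() does not zero memory */` would make the intent self-evident next to the other field initializations (nbytes, ctx, ret) that follow it in the hunk.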
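The failure mode described in the commit message, as an added, constructed example that is not QEMU code: a tiny free-list pool stands in for an allocator that recycles objects without zeroing them, a request struct carries an optional coroutine pointer, and the completion path branches on that pointer. The names Request, pool_get, process_completion, submit_unfixed and submit_fixed are hypothetical; the only property borrowed from the patch is that the allocator does not zero memory and that the fix is an explicit `co = NULL` at submit time. The example also shows why such a bug can stay dormant: a freshly allocated object happens to be zeroed, so the stale value only appears once an object that previously had a coroutine attached is reused for a callback-style request.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical request object; `co` is the coroutine to wake on completion,
 * or NULL for a plain callback-style request. */
typedef struct Request {
    void *co;
    size_t nbytes;
    int ret;
    struct Request *next_free;
} Request;

static Request *free_list;   /* recycled objects, contents left as-is */
static int wakeups;          /* how often completion "woke" a coroutine */
static int marker;           /* stands in for a coroutine object */

/* Pool allocator in the spirit of the bug report: a recycled object is
 * returned with whatever its previous user left in it. Only brand-new
 * objects start out zeroed, which is what makes the bug intermittent. */
static Request *pool_get(void)
{
    Request *r = free_list;
    if (r) {
        free_list = r->next_free;
        return r;                      /* stale fields survive */
    }
    r = malloc(sizeof(*r));
    if (!r) {
        abort();
    }
    memset(r, 0, sizeof(*r));          /* fresh object only */
    return r;
}

static void pool_put(Request *r)
{
    r->next_free = free_list;
    free_list = r;
}

static void pool_drain(void)
{
    while (free_list) {
        Request *r = free_list;
        free_list = r->next_free;
        free(r);
    }
}

/* Completion path: wakes the attached coroutine if there is one.
 * Returns 1 if it acted on `co`, 0 otherwise. */
static int process_completion(Request *r)
{
    r->ret = 0;
    if (r->co) {
        wakeups++;
        return 1;
    }
    return 0;
}

/* Before the fix: every field but `co` is initialized. */
static Request *submit_unfixed(size_t nbytes)
{
    Request *r = pool_get();
    r->nbytes = nbytes;
    r->ret = -1;
    return r;
}

/* After the fix: explicit co = NULL, the allocator does not zero memory. */
static Request *submit_fixed(size_t nbytes)
{
    Request *r = pool_get();
    r->co = NULL;
    r->nbytes = nbytes;
    r->ret = -1;
    return r;
}

/* Scenario: a coroutine-backed request completes and is recycled, then a
 * callback-style request reuses the same object. Returns 1 if completion
 * wrongly acted on the stale `co`, 0 if the field was clean. */
static int stale_wakeup(Request *(*submit)(size_t))
{
    pool_drain();
    wakeups = 0;

    Request *a = submit(512);
    a->co = &marker;                   /* first user attaches a coroutine */
    process_completion(a);             /* legitimate wakeup, wakeups == 1 */
    pool_put(a);

    Request *b = submit(4096);         /* recycled object, no coroutine */
    int woke = process_completion(b);  /* should be 0 */
    pool_put(b);
    pool_drain();
    return woke;
}

int main(void)
{
    printf("unfixed submit: stale wakeup = %d\n", stale_wakeup(submit_unfixed));
    printf("fixed submit:   stale wakeup = %d\n", stale_wakeup(submit_fixed));
    return 0;
}
```

Running a single callback-style request through either submit function never shows the problem, since the first object out of the pool was zeroed by the constructed allocator; the stale pointer is only observed on reuse, which is the pattern a "never manifested" uninitialized-field bug usually hides behind.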
