Error process of baum_chr_open needs to set brlapi null, so it won't
get released twice in char_braille_finalize, which will cause
"/usr/bin/qemu-system-x86_64: double free or corruption (!prev)"

Signed-off-by: Liang Yan <lyan@suse.com>
---
 chardev/baum.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/chardev/baum.c b/chardev/baum.c
index 302dd9666c..67fd783a59 100644
--- a/chardev/baum.c
+++ b/chardev/baum.c
@@ -643,6 +643,7 @@ static void baum_chr_open(Chardev *chr,
         error_setg(errp, "brlapi__openConnection: %s",
                    brlapi_strerror(brlapi_error_location()));
         g_free(handle);
+        baum->brlapi = NULL;
         return;
     }
     baum->deferred_init = 0;
-- 
2.14.1

----- Original Message -----
> Error process of baum_chr_open needs to set brlapi null, so it won't
> get released twice in char_braille_finalize, which will cause
> "/usr/bin/qemu-system-x86_64: double free or corruption (!prev)"
> 
> Signed-off-by: Liang Yan <lyan@suse.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  chardev/baum.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/chardev/baum.c b/chardev/baum.c
> index 302dd9666c..67fd783a59 100644
> --- a/chardev/baum.c
> +++ b/chardev/baum.c
> @@ -643,6 +643,7 @@ static void baum_chr_open(Chardev *chr,
>          error_setg(errp, "brlapi__openConnection: %s",
>                     brlapi_strerror(brlapi_error_location()));
>          g_free(handle);
> +        baum->brlapi = NULL;
>          return;
>      }
>      baum->deferred_init = 0;
> --
> 2.14.1
> 
> 

23.09.2017 01:55, Liang Yan wrote:
> Error process of baum_chr_open needs to set brlapi null, so it won't
> get released twice in char_braille_finalize, which will cause
> "/usr/bin/qemu-system-x86_64: double free or corruption (!prev)"

Applied to -trivial, thanks!

/mjt