From a5ceca6d515564c5b5e3ba5f7e395b8d293a8b25 Mon Sep 17 00:00:00 2001
From: lazymio
Date: Sat, 15 Jan 2022 22:11:14 +0100
Subject: [PATCH] Remove the static variable in flatviews_init

Or we may get an invalid old (and free-ed) uc instance reference
---
 include/uc_priv.h | 2 ++
 qemu/softmmu/memory.c | 12 +++++-------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/include/uc_priv.h b/include/uc_priv.h
index 5c1e181d..1262c6de 100644
--- a/include/uc_priv.h
+++ b/include/uc_priv.h
@@ -368,6 +368,8 @@ struct uc_struct {
     int nested_level; // Current nested_level
     struct TranslationBlock *last_tb; // The real last tb we executed.
+
+    FlatView *empty_view; // Static function variable moved from flatviews_init
 };
 // Metadata stub for the variable-size cpu context used with uc_context_*()
diff --git a/qemu/softmmu/memory.c b/qemu/softmmu/memory.c
index c62e272f..3fe3467b 100644
--- a/qemu/softmmu/memory.c
+++ b/qemu/softmmu/memory.c
@@ -783,8 +783,6 @@ static void address_space_update_topology_pass(AddressSpace *as,
 static void flatviews_init(struct uc_struct *uc)
 {
-    static FlatView *empty_view;
-
     if (uc->flat_views) {
         return;
     }
@@ -792,13 +790,13 @@ static void flatviews_init(struct uc_struct *uc)
     uc->flat_views = g_hash_table_new_full(NULL, NULL, NULL,
                                            (GDestroyNotify) flatview_unref);
-    if (!empty_view) {
-        empty_view = generate_memory_topology(uc, NULL);
+    if (!uc->empty_view) {
+        uc->empty_view = generate_memory_topology(uc, NULL);
         /* We keep it alive forever in the global variable. */
-        flatview_ref(empty_view);
+        flatview_ref(uc->empty_view);
     } else {
-        g_hash_table_replace(uc->flat_views, NULL, empty_view);
-        flatview_ref(empty_view);
+        g_hash_table_replace(uc->flat_views, NULL, uc->empty_view);
+        flatview_ref(uc->empty_view);
     }
 }
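Review bot: The comment on the new `empty_view` member records where the variable came from rather than what the field means, so a reader still has to open flatviews_init to learn its ownership and lifetime. Suggest stating the contract instead: `FlatView *empty_view; // Created lazily by flatviews_init(); it holds one reference so the view is tied to this uc instance, not to a process-wide static.` Nothing in this patch shows a teardown path releasing that reference, so if uc_struct is freed by a close routine elsewhere, that routine should drop `empty_view` alongside `flat_views`; I can't confirm from the diff whether it already does.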
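Review bot: The comment `/* We keep it alive forever in the global variable. */` is now stale: after this change the pointer lives in `uc->empty_view`, so there is no global variable, and the flatview_ref() taken in the `if` branch pins the view for the lifetime of this uc rather than of the process. Reword it to `/* Pin the empty view for the lifetime of this uc instance (uc->empty_view). */`. That extra reference is not released anywhere in the patch; with the old static it was a deliberate one-time leak, but per instance it becomes a leak for every uc that is created and destroyed unless the teardown path unrefs `uc->empty_view`, which is outside this diff and worth confirming. The new `if (!uc->empty_view)` test also relies on the field being NULL in a freshly allocated uc_struct, which holds only if the struct is zero-initialized at allocation; that allocation is not visible here.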