authorJan Beulich via SeaBIOS <seabios@seabios.org>2022-01-24 10:20:53 +0100
committerKevin O'Connor <kevin@koconnor.net>2022-01-27 11:32:47 -0500
commitdc776a2d9ca9e1b857e880ff682668871369b4c3 (patch)
treeac25755bdcb457619d7d60b43d2d71350c8e8202
parent15a102e062af18e01daece409ee54765a3b4ec13 (diff)
downloadqemu-seabios-dc776a2d9ca9e1b857e880ff682668871369b4c3.tar.gz
nvme: avoid use-after-free in nvme_controller_enable()
Commit b68f313c9139 ("nvme: Record maximum allowed request size") introduced a use of "identify" past it being passed to free(). Latch the value of interest into a local variable. Reported-by: Coverity (ID 1497613) Signed-off-by: Jan Beulich <jbeulich@suse.com>
-rw-r--r--src/hw/nvme.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/hw/nvme.c b/src/hw/nvme.c
index 3dfa0ce..b3835c0 100644
--- a/src/hw/nvme.c
+++ b/src/hw/nvme.c
@@ -637,6 +637,7 @@ nvme_controller_enable(struct nvme_ctrl *ctrl)
identify->nn, (identify->nn == 1) ? "" : "s");
ctrl->ns_count = identify->nn;
+ u8 mdts = identify->mdts;
free(identify);
if ((ctrl->ns_count == 0) || nvme_create_io_queues(ctrl)) {
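Review bot: The added `u8 mdts = identify->mdts;` carries no comment explaining that it must stay above `free(identify)`, and `identify` remains in scope as a dangling pointer after the free, so a later edit could reintroduce the same read of freed memory. I would put `/* Copy out before free(identify); nvme_probe_ns() below still needs it. */` above the declaration. Also consider `identify = NULL;` directly after the free, so that readers and static analysis see the pointer is dead from that point on. The body of nvme_controller_enable starts and ends outside this hunk.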
@@ -648,7 +649,7 @@ nvme_controller_enable(struct nvme_ctrl *ctrl)
/* Populate namespace IDs */
int ns_idx;
for (ns_idx = 0; ns_idx < ctrl->ns_count; ns_idx++) {
- nvme_probe_ns(ctrl, ns_idx, identify->mdts);
+ nvme_probe_ns(ctrl, ns_idx, mdts);
}
dprintf(3, "NVMe initialization complete!\n");
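Review bot: The `mdts` passed in `nvme_probe_ns(ctrl, ns_idx, mdts);` is a byte taken straight from the controller's identify data, and nothing in the visible lines range-checks it. nvme_probe_ns is not shown here; if it uses the value as a shift count or size exponent, an out-of-range value from a misbehaving or emulated device could overflow the computed request size. It is worth confirming that the callee bounds it, or clamping it once where it is latched. The loop's enclosing function continues outside this hunk.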