From 48ff0d29c594ccfa80a3d58c97bdb7e656c8f541 Mon Sep 17 00:00:00 2001
From: jiangdongxu <jiangdongxu1@huawei.com>
Date: Mon, 20 Jun 2022 17:19:44 +0800
Subject: [PATCH 9/9] bugfix: pointer double free in func
 qemu_savevm_state_complete_precopy_non_iterable

vmdesc, defined in qemu_savevm_state_complete_precopy_non_iterable, is a g_autoptr:
it is freed automatically when the function returns. Calling json_writer_free on
vmdesc before the function returns therefore frees it twice. Fix it.

Signed-off-by: jiangdongxu <jiangdongxu1@huawei.com>
---
 migration/savevm.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/migration/savevm.c b/migration/savevm.c
index 803cd9004d..d59e976d50 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -1427,7 +1427,6 @@ int qemu_savevm_state_complete_precopy_non_iterable(QEMUFile *f,
         ret = vmstate_save(f, se, vmdesc);
         if (ret) {
             qemu_file_set_error(f, ret);
-            json_writer_free(vmdesc);
             return ret;
         }
         trace_savevm_section_end(se->idstr, se->section_id, 0);
@@ -1444,7 +1443,6 @@ int qemu_savevm_state_complete_precopy_non_iterable(QEMUFile *f,
             error_report("%s: bdrv_inactivate_all() failed (%d)",
                          __func__, ret);
             qemu_file_set_error(f, ret);
-            json_writer_free(vmdesc);
             return ret;
         }
     }
-- 
2.27.0