The bdrv_aio_multiwrite error handling has some bugs that lead to premature cleanup, causing use-after-free and double free problems.
Kevin Wolf (2): block: Fix too early free in multiwrite block: Handle multiwrite errors only when all requests have completed block.c | 11 +++-------- 1 files changed, 3 insertions(+), 8 deletions(-)
