The bdrv_aio_multiwrite error handling has some bugs that lead to premature cleanup, causing use-after-free and double free problems.
v2: - Completely replaced patch 1 which Stefan found to be incorrect (thanks for the good review!). Hope I've got it right this time. Kevin Wolf (2): block: Fix early failure in multiwrite block: Handle multiwrite errors only when all requests have completed block.c | 40 ++++++++++++++++++++++++++++++---------- 1 files changed, 30 insertions(+), 10 deletions(-)
