From a4d48935c97839337f6aa8b2bb944e92bb9909df Mon Sep 17 00:00:00 2001
From: Yunlei Ding <yunlei.ding@citrix.com>
Date: Mon, 17 Mar 2014 05:37:49 +0000
Subject: [PATCH] hw/msmouse.c: Fix deref_after_free and double free

msmouse_chr_close is only pointed by chr->chr_close in qemu_chr_close
function. After calling chr->chr_close, chr will be freed. So we don't
need to free it again here.

Signed-off-by: Yunlei Ding <yunlei.ding@citrix.com>
(defect not identified by Coverity Scan)
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 hw/msmouse.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/msmouse.c b/hw/msmouse.c
index 69356a5357..2d2703b5e5 100644
--- a/hw/msmouse.c
+++ b/hw/msmouse.c
@@ -61,7 +61,6 @@ static int msmouse_chr_write (struct CharDriverState *s, const uint8_t *buf, int
 
 static void msmouse_chr_close (struct CharDriverState *chr)
 {
-    qemu_free (chr);
 }
 
 CharDriverState *qemu_chr_open_msmouse(void)
-- 
2.39.5