migration: Fix use-after-free of migration state object

[mirror_qemu.git] / migration / migration.c

diff --git a/migration/migration.c b/migration/migration.c
index 219447dea174ee69f3f9760fa9ee8fa0c804bbe7..cf17b68e57679bbd5d4a43a6e53543fb8a5e2df3 100644 (file)
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -648,6 +648,7 @@ static void process_incoming_migration_bh(void *opaque)
                       MIGRATION_STATUS_COMPLETED);
     qemu_bh_delete(mis->bh);
     migration_incoming_state_destroy();
+    object_unref(OBJECT(migrate_get_current()));
 }
 
 static void coroutine_fn
@@ -713,6 +714,7 @@ process_incoming_migration_co(void *opaque)
     }
 
     mis->bh = qemu_bh_new(process_incoming_migration_bh, mis);
+    object_ref(OBJECT(migrate_get_current()));
     qemu_bh_schedule(mis->bh);
     return;
 fail: