From 6bd4bc814f074fd8cf40d20fff0e25a7e3ee790c Mon Sep 17 00:00:00 2001
From: Eric Blake
Date: Sat, 17 Feb 2018 17:28:06 -0500
Subject: [PATCH] qobject: Protect against use-after-free in qobject_decref()

Adding an assertion to qobject_decref() will ensure that a programming error causing use-after-free will result in immediate failure (provided no other thread has started using the memory) instead of silently attempting to wrap refcnt around and leaving the problem to potentially bite later at a harder point to diagnose.

Backports commit cc9f60d4a2a4bf2578a9309a18f1c4602c9f5ce7 from qemu
---
 qemu/include/qapi/qmp/qobject.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/qemu/include/qapi/qmp/qobject.h b/qemu/include/qapi/qmp/qobject.h
index d0bbc7c4..b100d4b3 100644
--- a/qemu/include/qapi/qmp/qobject.h
+++ b/qemu/include/qapi/qmp/qobject.h
@@ -94,6 +94,7 @@ static inline void qobject_incref(QObject *obj)
 */
 static inline void qobject_decref(QObject *obj)
 {
+ assert(!obj || obj->refcnt);
 if (obj && --obj->refcnt == 0) {
 assert(obj->type != NULL);
 assert(obj->type->destroy != NULL);
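Review bot: The documentation comment that closes with the ` */` context line at the top of the hunk does not state the precondition the new assertion enforces, so a reader of the header sees an abort on a zero refcnt with no explanation; add a line to that comment such as ` * Calling this on an object whose refcnt is already 0 is a programming error and triggers an assertion.` The check only catches a use-after-free while the released memory still holds a zero refcnt, as the commit message itself notes, so it should be read as a best-effort guard rather than a guarantee. For consistency with the explicit `!= NULL` spelling on the two assertions that follow, the new line could be written `assert(obj == NULL || obj->refcnt != 0);`. The body of qobject_decref continues past the end of the hunk.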