
Re: [Qemu-devel] [PATCH 1.0] qiov: prevent double free or use-after-free


From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH 1.0] qiov: prevent double free or use-after-free
Date: Fri, 25 Nov 2011 12:55:21 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20110930 Thunderbird/7.0.1

On 11/25/2011 12:56 PM, Kevin Wolf wrote:
> > qemu_iovec_destroy does not clear the QEMUIOVector fully, and the data
> > could thus be used after free or freed again.  While I do not know any
> > example in the tree, I observed this using virtio-scsi (and SCSI
> > scatter/gather) when canceling DMA requests.
> >
> > Signed-off-by: Paolo Bonzini <address@hidden>
> This isn't a bug fix in itself, it just makes bugs in other code more
> visible, right? It probably makes sense to do this change, but I'm not
> sure about doing it for 1.0.

It is a fix. NULLing the pointer prevents double-free bugs, and setting niov/nalloc to 0 should prevent use-after-free.

Paolo
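The two destroy variants discussed above, side by side, as an added example that is not QEMU code: QIOV is a constructed stand-in with the same three fields as QEMUIOVector (iov, niov, nalloc), and the "release ledger" is test scaffolding that quarantines released blocks instead of handing them back to free(), so that a second release of the same array (double free) and a later write into it (use after free) can be recognised and counted rather than corrupting the heap. qiov_destroy_stale frees the array and leaves the fields as they were; qiov_destroy_clear is the behaviour Paolo describes, NULLing the pointer and zeroing niov/nalloc, after which a repeated destroy is a free(NULL) no-op and a stray qiov_add is rejected because there is no capacity left.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/uio.h>

/* Constructed stand-in for QEMUIOVector: the three fields the fix touches. */
typedef struct {
    struct iovec *iov;
    int niov;
    int nalloc;
} QIOV;

/*
 * Release ledger (test scaffolding, not QEMU code). Blocks are quarantined
 * rather than freed immediately, so the demo can tell a double free and a
 * use after free apart from ordinary use without undefined behaviour.
 */
#define LEDGER_SIZE 16
static void *quarantine[LEDGER_SIZE];
static int nquar;
static int double_frees;

static void ledger_reset(void) {
    for (int i = 0; i < nquar; i++) free(quarantine[i]);
    nquar = 0;
    double_frees = 0;
}

static int ledger_is_freed(const void *p) {
    for (int i = 0; i < nquar; i++) if (quarantine[i] == p) return 1;
    return 0;
}

/* Like free(): NULL is a no-op; releasing a quarantined block counts as a double free. */
static void qiov_release(void *p) {
    if (p == NULL) return;
    if (ledger_is_freed(p)) { double_frees++; return; }
    if (nquar < LEDGER_SIZE) quarantine[nquar++] = p; else free(p);
}

static void qiov_init(QIOV *q, int alloc_hint) {
    q->iov = calloc((size_t)alloc_hint, sizeof(struct iovec));
    q->niov = 0;
    q->nalloc = q->iov ? alloc_hint : 0;
}

/* Returns 0 on success, -1 when the vector has no room (or no array at all). */
static int qiov_add(QIOV *q, void *base, size_t len) {
    if (q->iov == NULL || q->niov >= q->nalloc) return -1;
    q->iov[q->niov].iov_base = base;
    q->iov[q->niov].iov_len = len;
    q->niov++;
    return 0;
}

/* Before the fix: the array is released, but iov/niov/nalloc stay stale. */
static void qiov_destroy_stale(QIOV *q) {
    qiov_release(q->iov);
}

/* After the fix: release, then NULL the pointer and zero the counts. */
static void qiov_destroy_clear(QIOV *q) {
    qiov_release(q->iov);
    q->iov = NULL;
    q->niov = 0;
    q->nalloc = 0;
}

typedef struct { int double_frees; int use_after_free; } Outcome;

/* Destroy twice (completion path, then a cancel path), then try one more add. */
static Outcome run_scenario(void (*destroy)(QIOV *)) {
    static char buf[64];   /* constructed payload buffer */
    QIOV q;
    Outcome o;
    ledger_reset();
    qiov_init(&q, 4);
    qiov_add(&q, buf, sizeof buf);
    destroy(&q);
    destroy(&q);
    /* with stale fields this add lands in the released array */
    int added = qiov_add(&q, buf, sizeof buf);
    o.double_frees = double_frees;
    o.use_after_free = (added == 0 && ledger_is_freed(q.iov));
    ledger_reset();
    return o;
}

int main(void) {
    Outcome s = run_scenario(qiov_destroy_stale);
    Outcome c = run_scenario(qiov_destroy_clear);
    printf("stale: double frees=%d use-after-free=%d\n", s.double_frees, s.use_after_free);
    printf("clear: double frees=%d use-after-free=%d\n", c.double_frees, c.use_after_free);
    return 0;
}
```

The point of the clearing variant is that it turns a silent heap corruption into either a harmless no-op (the second free) or an explicit failure the caller can see (the rejected add); it does not find the caller that destroys twice, which still has to be fixed separately.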


