From: Markus Armbruster
Subject: Re: [Qemu-devel] [PATCH] qdev: fix use-after-free in the error path of qdev_init_nofail
Date: Wed, 27 Jun 2012 16:03:28 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (gnu/linux)

Anthony Liguori <address@hidden> writes:

> From Markus:
>
> Before:
>
>     $ qemu-system-x86_64 -display none -drive if=ide
>     qemu-system-x86_64: Device needs media, but drive is empty
>     qemu-system-x86_64: Initialization of device ide-hd failed
>     [Exit 1 ]
>
> After:
>
>     $ qemu-system-x86_64 -display none -drive if=ide
>     qemu-system-x86_64: Device needs media, but drive is empty
>     Segmentation fault (core dumped)
>     [Exit 139 (SIGSEGV)]
>
> This error always existed as qdev_init() frees the object.  But QOM
> goes a bit further and purposefully sets the class pointer to NULL to
> help find use-after-free.  It worked :-)
>
> Cc: Andreas Faerber <address@hidden>
> Reported-by: Markus Armbruster <address@hidden>
> Signed-off-by: Anthony Liguori <address@hidden>

Tested-by: Markus Armbruster <address@hidden>
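The thread describes a common shape of use-after-free: an init routine releases the object on failure, and the caller then reads a field of that object to build its error message. QOM's habit of nulling the class pointer when an object is finalized turns that silent read into a deterministic NULL dereference, which is how the segfault above surfaced. The following is an added, constructed C model of both halves of that story; it is not QEMU code, the real qdev_init()/qdev_init_nofail() are not shown on this page, and every name here (ToyClass, ToyObject, toy_init, init_nofail_buggy, init_nofail_fixed) is hypothetical. To keep the model free of undefined behaviour, "freeing" is represented by poisoning the class pointer and setting a flag rather than calling free(), so the stale read is observable instead of crashing.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical QOM-like class and object; model only, not QEMU's types. */
typedef struct ToyClass {
    const char *name;
} ToyClass;

typedef struct ToyObject {
    ToyClass *klass;   /* class pointer, poisoned to NULL on release */
    int refcount;
    bool released;     /* model only: lets a caller observe "freed" state */
} ToyObject;

static ToyClass toy_disk_class = { "toy-disk" };

static void toy_object_init(ToyObject *obj, ToyClass *k)
{
    obj->klass = k;
    obj->refcount = 1;
    obj->released = false;
}

/* Release: mirrors the behaviour the thread attributes to QOM, which sets
 * the class pointer to NULL so a later use-after-free fails loudly instead
 * of reading plausible stale data. Real code would free(obj) here; the
 * model keeps the storage alive so the effect can be checked safely. */
static void toy_object_unref(ToyObject *obj)
{
    if (--obj->refcount == 0) {
        obj->klass = NULL;
        obj->released = true;
    }
}

/* Init that releases the object on failure, as the thread says qdev_init()
 * does. media_present stands in for "Device needs media, but drive is empty". */
static int toy_init(ToyObject *obj, bool media_present)
{
    if (!media_present) {
        toy_object_unref(obj);
        return -1;
    }
    return 0;
}

/* Returns the type name, or NULL if the class pointer has been poisoned.
 * In the real code this read would be a NULL dereference and a crash. */
static const char *toy_typename(const ToyObject *obj)
{
    return obj->klass ? obj->klass->name : NULL;
}

/* Buggy ordering: the type name is read from the object after the failing
 * init has already released it. Returns the name the error message would
 * use; NULL means it read a poisoned (freed) object. */
static const char *init_nofail_buggy(ToyObject *obj, bool media_present)
{
    if (toy_init(obj, media_present) < 0) {
        return toy_typename(obj);   /* use after release */
    }
    return "ok";
}

/* Fixed ordering: capture everything the error path needs before calling
 * the routine that may release the object. One fix pattern for this bug
 * class; whether it matches the actual patch is not shown on this page. */
static const char *init_nofail_fixed(ToyObject *obj, bool media_present)
{
    const char *typename = toy_typename(obj);

    if (toy_init(obj, media_present) < 0) {
        return typename;
    }
    return "ok";
}

int main(void)
{
    ToyObject a, b;

    toy_object_init(&a, &toy_disk_class);
    const char *buggy = init_nofail_buggy(&a, false);
    printf("buggy ordering reports type: %s (released=%d)\n",
           buggy ? buggy : "(NULL: poisoned object read)", a.released);

    toy_object_init(&b, &toy_disk_class);
    printf("fixed ordering reports type: %s\n", init_nofail_fixed(&b, false));
    return 0;
}
```

The detection lesson is the second half: poisoning pointers in the finalizer is cheap and converts a latent use-after-free (which might pass tests for years, as the thread notes this one did) into a reproducible crash in the error path where it happens. The fix lesson is the ordering rule: anything an error message needs must be captured before the call that can tear the object down.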
