[Qemu-devel] [PATCH 01/11] qiov: prevent double free or use-after-free

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH 01/11] qiov: prevent double free or use-after-free

From:	Paolo Bonzini
Subject:	[Qemu-devel] [PATCH 01/11] qiov: prevent double free or use-after-free
Date:	Tue, 6 Dec 2011 12:01:22 +0100

qemu_iovec_destroy does not clear the QEMUIOVector fully, and the data
could thus be used after free or freed again.  This can be observed with
virtio-scsi, because canceling DMA requests can happen more easily with
SCSI (due to task management functions) than with other backends.

Signed-off-by: Paolo Bonzini <address@hidden>
---
 cutils.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/cutils.c b/cutils.c
index 6db6304..24b3fe3 100644
--- a/cutils.c
+++ b/cutils.c
@@ -217,7 +217,10 @@ void qemu_iovec_destroy(QEMUIOVector *qiov)
 {
     assert(qiov->nalloc != -1);
 
+    qemu_iovec_reset(qiov);
     g_free(qiov->iov);
+    qiov->nalloc = 0;
+    qiov->iov = NULL;
 }
 
 void qemu_iovec_reset(QEMUIOVector *qiov)
-- 
1.7.7.1

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 00/11] virtio-scsi device model, Paolo Bonzini, 2011/12/06
- [Qemu-devel] [PATCH 01/11] qiov: prevent double free or use-after-free, Paolo Bonzini <=
- [Qemu-devel] [PATCH 04/11] dma-helpers: add accounting wrappers, Paolo Bonzini, 2011/12/06
- [Qemu-devel] [PATCH 06/11] scsi: add scatter/gather functionality, Paolo Bonzini, 2011/12/06
- [Qemu-devel] [PATCH 03/11] dma-helpers: add dma_buf_read and dma_buf_write, Paolo Bonzini, 2011/12/06
- [Qemu-devel] [PATCH 08/11] virtio-scsi: Add virtio-scsi stub device, Paolo Bonzini, 2011/12/06
- [Qemu-devel] [PATCH 05/11] scsi: pass residual amount to command_complete, Paolo Bonzini, 2011/12/06
- [Qemu-devel] [PATCH 09/11] virtio-scsi: Add basic request processing infrastructure, Paolo Bonzini, 2011/12/06
- [Qemu-devel] [PATCH 07/11] scsi-disk: enable scatter/gather functionality, Paolo Bonzini, 2011/12/06
- [Qemu-devel] [PATCH 10/11] virtio-scsi: add basic SCSI bus operation, Paolo Bonzini, 2011/12/06
- [Qemu-devel] [PATCH 11/11] virtio-scsi: process control queue requests, Paolo Bonzini, 2011/12/06
- [Qemu-devel] [PATCH 02/11] dma-helpers: make QEMUSGList target independent, Paolo Bonzini, 2011/12/06

Prev by Date: [Qemu-devel] [PATCH 00/11] virtio-scsi device model
Next by Date: [Qemu-devel] [PATCH 04/11] dma-helpers: add accounting wrappers
Previous by thread: [Qemu-devel] [PATCH 00/11] virtio-scsi device model
Next by thread: [Qemu-devel] [PATCH 04/11] dma-helpers: add accounting wrappers
Index(es):
- Date
- Thread