[Qemu-devel] use after free in usb code

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] use after free in usb code

From:	Bruce Rogers
Subject:	[Qemu-devel] use after free in usb code
Date:	Thu, 14 Jun 2012 23:02:57 -0600

Hi,

A bug was reported against qemu v1.1 in openSUSE 12.2.
See: https://bugzilla.novell.com/show_bug.cgi?id=766310

I've discovered that uhci_queue_free is called with a queue
that is still active. Bisecting shows that this bug was introduced
in git commit id d9a528db7f2d71d92e869e20bda37774f11fbbe1.

Setting the queue memory to some non-zero value before it is
freed helps expose the issue.

In addition to the -usbdevice tablet case reported in the bug, I
also see the same problem with -usbdevice net and -usbdevice
audio, while other usb devices that I tested don't show this
problem.

Bruce

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] use after free in usb code, Bruce Rogers <=

Prev by Date: Re: [Qemu-devel] [PATCH 0/3] qom: refactor Interfaces
Next by Date: Re: [Qemu-devel] Broken Microblaze timer
Previous by thread: Re: [Qemu-devel] How to measure guest memory access (qemu_ld/qemu_st) time?
Next by thread: [Qemu-devel] question about irq update
Index(es):
- Date
- Thread