[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] A use-after-free in slirp
|
From: |
Samuel Thibault |
|
Subject: |
Re: [Qemu-devel] A use-after-free in slirp |
|
Date: |
Wed, 23 Aug 2017 22:27:28 +0200 |
|
User-agent: |
NeoMutt/20170113 (1.7.2) |
Hello,
P J P, on jeu. 03 août 2017 17:45:06 +0530, wrote:
> ==31922==ERROR: AddressSanitizer: heap-use-after-free on address
> 0x61400001ff8c at pc 0x56485de28ea0 bp 0x7f00f44fc950 sp 0x7f00f44fc940
> READ of size 4 at 0x61400001ff8c thread T2
> #0 0x56485de28e9f in if_start slirp/if.c:230
> #1 0x56485de28a58 in if_output slirp/if.c:141
> #2 0x56485de35173 in ip_output slirp/ip_output.c:85
> #3 0x56485de57c48 in tcp_respond slirp/tcp_subr.c:218
> #4 0x56485de52440 in tcp_input slirp/tcp_input.c:1392
> #5 0x56485de329ef in ip_input slirp/ip_input.c:206
> #6 0x56485de3cf93 in slirp_input slirp/slirp.c:872
> #7 0x56485de0726d in net_slirp_receive net/slirp.c:119
> #8 0x56485ddee24d in nc_sendv_compat net/net.c:707
> #9 0x56485ddee3dd in qemu_deliver_packet_iov net/net.c:734
> #10 0x56485ddf422c in qemu_net_queue_deliver_iov net/queue.c:179
> ...
Please don't strip the output :)
The most interesting part is what exactly freed this.
> A full trace output can be seen
>
> here -> https://paste.fedoraproject.org/paste/gh~hDctqUQ8uVt6UdG~zbg
The paste is not available any more. Is it really very large? It's
usually really better to just send it by mail, so it's archived in the
mailing list etc.
Samuel