From: Bruce Rogers
Subject: [Qemu-devel] use after free in usb code
Date: Thu, 14 Jun 2012 23:02:57 -0600
Hi,
A bug was reported against qemu v1.1 in openSUSE 12.2.
See: https://bugzilla.novell.com/show_bug.cgi?id=766310
I've discovered that uhci_queue_free is called with a queue
that is still active. Bisecting shows that this bug was introduced
in git commit id d9a528db7f2d71d92e869e20bda37774f11fbbe1.
Setting the queue memory to some non-zero value before it is
freed helps expose the issue.
In addition to the -usbdevice tablet case reported in the bug, I
also see the same problem with -usbdevice net and -usbdevice
audio, while other usb devices that I tested don't show this
problem.
Bruce
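The debugging trick in the report above, poisoning a record before it is released so that a stale pointer reads junk instead of plausible old values, together with a guard that refuses to release a record that is still active, as an added example. This is not QEMU code; DemoQueue, its fields, the pool and the function names are assumptions made for the illustration, and the fixed pool stands in for the heap so that inspecting a released slot stays well-defined in the demo.

```c
/* Added example (not QEMU code): a poison-on-free release for a toy queue
 * record, plus a guard that refuses to release a queue that is still active. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define QUEUE_LIVE   0x51554555u   /* magic word present only in a live queue */
#define POISON_BYTE  0xDD          /* pattern written over a queue before release */
#define POOL_SIZE    4

/* Hypothetical queue record; field names are assumptions, not QEMU's UHCIQueue. */
typedef struct {
    uint32_t magic;
    int      active;      /* non-zero while transfers are still pending on it */
    int      token;
} DemoQueue;

/* A fixed pool replaces malloc/free so that reading a released slot is
 * well-defined here; on the real heap the same read would be undefined. */
static DemoQueue pool[POOL_SIZE];
static int       slot_in_use[POOL_SIZE];

DemoQueue *demo_queue_new(int token)
{
    for (int i = 0; i < POOL_SIZE; i++) {
        if (!slot_in_use[i]) {
            slot_in_use[i] = 1;
            pool[i].magic  = QUEUE_LIVE;
            pool[i].active = 1;
            pool[i].token  = token;
            return &pool[i];
        }
    }
    return NULL;
}

/* Unconditional release that poisons the record first: anyone holding a
 * stale pointer then sees 0xDD bytes rather than convincing old contents. */
void demo_queue_free(DemoQueue *q)
{
    memset(q, POISON_BYTE, sizeof *q);
    slot_in_use[q - pool] = 0;
}

/* Guarded release: refuses while the queue is still active, which is the
 * ordering error the report describes. Returns 0 on success, -1 if refused. */
int demo_queue_free_checked(DemoQueue *q)
{
    if (q->active) {
        return -1;
    }
    demo_queue_free(q);
    return 0;
}

/* Check a caller can run before touching a queue it still holds a pointer to. */
int demo_queue_is_live(const DemoQueue *q)
{
    return q->magic == QUEUE_LIVE;
}

int main(void)
{
    DemoQueue *q = demo_queue_new(7);
    printf("release while active refused: %d\n", demo_queue_free_checked(q) == -1);
    q->active = 0;
    printf("release after completion ok:  %d\n", demo_queue_free_checked(q) == 0);
    printf("stale pointer reports live:   %d\n", demo_queue_is_live(q));
    return 0;
}
```

The magic-word check only catches the stale pointer because the release poisoned the record; without the memset the old QUEUE_LIVE value would survive in the slot and the dangling use would go unnoticed, which is exactly why writing a non-zero pattern before freeing made the reported bug visible.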