On Mon, May 01, 2023 at 10:19:56AM -0400, Alexander Bulekov wrote:
> A BH callback can free the BH, causing a use-after-free in aio_bh_call.
> Fix that by keeping a local copy of the re-entrancy guard pointer.
>
> Buglink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58513
> Fixes: 9c86c9
On 01/05/2023 16.19, Alexander Bulekov wrote:
A BH callback can free the BH, causing a use-after-free in aio_bh_call.
Fix that by keeping a local copy of the re-entrancy guard pointer.
Buglink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58513
Fixes: 9c86c97f12 ("async: Add an optional
A BH callback can free the BH, causing a use-after-free in aio_bh_call.
Fix that by keeping a local copy of the re-entrancy guard pointer.
Buglink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58513
Fixes: 9c86c97f12 ("async: Add an optional reentrancy guard to the BH API")
Signed-off-by:
