Re: Fix a potential Use-after-free in virtio_iommu_handle_command() (v6.2.0).

2022-04-06 Thread Michael S. Tsirkin
; Thanks, > Wentao > From 8ece42bda1099a9a0df584cac2478ec5a6e83924 Mon Sep 17 00:00:00 2001 > From: Wentao_Liang > Date: Fri, 25 Feb 2022 11:49:54 +0800 > Subject: [PATCH] Fix a potential Use-after-free in > virtio_iommu_handle_command() (v6.2.0). > > Signed-off-by: Wentao_Liang > --- > hw/vi

Re: Fix a potential Use-after-free in virtio_iommu_handle_command() (v6.2.0).

2022-02-24 Thread wliang
49:54 +0800 Subject: [PATCH] Fix a potential Use-after-free in virtio_iommu_handle_command() (v6.2.0). Signed-off-by: Wentao_Liang --- hw/virtio/virtio-iommu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c index aa9c16a17b..a394901347 100644

Re: Fix a potential Use-after-free in virtio_iommu_handle_command() (v6.2.0).

2022-02-23 Thread wliang
> > thanks for your report and patch - but to make sure that the right > > people get attention, please use the scripts/get_maintainer.pl script to > > get a list of people who should be on CC:, or look into the MAINTAINERS > > file directly (for the next time - this time, I've CC:ed them now a

Re: Fix a potential Use-after-free in virtio_iommu_handle_command() (v6.2.0).

2022-02-23 Thread Eric Auger
Hi, On 2/23/22 5:02 PM, Thomas Huth wrote: > On 23/02/2022 15.36, wli...@stu.xidian.edu.cn wrote: >> Hi all, >> >> I find a potential Use-after-free in QEMU 6.2.0, which is in >> virtio_iommu_handle_command() (./hw/virtio/virtio-iommu.c). >> >> Specifically, in the loop body, the variable 'buf' al

Re: Fix a potential Use-after-free in virtio_iommu_handle_command() (v6.2.0).

2022-02-23 Thread Philippe Mathieu-Daudé
On 23/2/22 17:02, Thomas Huth wrote: On 23/02/2022 15.36, wli...@stu.xidian.edu.cn wrote: Hi all, I find a potential Use-after-free in QEMU 6.2.0, which is in virtio_iommu_handle_command() (./hw/virtio/virtio-iommu.c). I'm looking forward to your confirmation. Hi, thanks for your repor

Re: Fix a potential Use-after-free in virtio_iommu_handle_command() (v6.2.0).

2022-02-23 Thread Thomas Huth
On 23/02/2022 15.36, wli...@stu.xidian.edu.cn wrote: Hi all, I find a potential Use-after-free in QEMU 6.2.0, which is in virtio_iommu_handle_command() (./hw/virtio/virtio-iommu.c). Specifically, in the loop body, the variable 'buf' allocated at line 639 can be freed by g_free() at line 659.

Fix a potential Use-after-free in virtio_iommu_handle_command() (v6.2.0).

2022-02-23 Thread wliang
Hi all, I find a potential Use-after-free in QEMU 6.2.0, which is in virtio_iommu_handle_command() (./hw/virtio/virtio-iommu.c). Specifically, in the loop body, the variable 'buf' allocated at line 639 can be freed by g_free() at line 659. However, if the execution path enters the loop body