xenbits.xensource.com Git - qemu-xen-4.6-testing.git/commit

]> xenbits.xensource.com Git - qemu-xen-4.6-testing.git/commit

projects / qemu-xen-4.6-testing.git / commit

author	Paolo Bonzini <pbonzini@redhat.com>
	Fri, 25 Nov 2011 11:06:22 +0000 (12:06 +0100)
committer	Kevin Wolf <kwolf@redhat.com>
	Thu, 15 Dec 2011 11:40:33 +0000 (12:40 +0100)
commit	bd83b3620517ef9f2079cfda465953e60263f623
tree	f9b07a82ad4e56215f022dc5a6142c32f87bd6d6	tree
parent	16d2fc002a01cdd77e696ecc69de54db6720476a	commit \| diff

qiov: prevent double free or use-after-free

qemu_iovec_destroy does not clear the QEMUIOVector fully, and the data
could thus be used after free or freed again. While I do not know any
example in the tree, I observed this using virtio-scsi (and SCSI
scatter/gather) when canceling DMA requests.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

cutils.c

diff | blob | history

Unnamed repository; edit this file to name it for gitweb.

RSS Atom