Hi all,
I find a potential Use-after-free in QEMU 6.2.0, which is in
test_blockjob_common_drain_node() (./tests/unit/test-bdrv-drain.c).
Specifically, at line 880, the variable 'scr' is released by the bdrv_unref().
However, at line 881, it is subsequently used as the 1st parameter of the
fun
>
> The fix is correct. We just need the submission formatted properly, with
> your
> Signed-off-by tag. When re-formatting, you can add my
>
> Reviewed-by: Richard Henderson
>
> r~
Hi guys,
Thank you for waiting for me.
Here is a new patch with Signed-off-by tags.
Best,
Wentao
From 1
Hi all,
Here is a new patch with Signed-off-by tags.
The old one is wrong, for it didn't have Signed-off-by tags.
I am looking forward to your confirmation.
Thanks,
Wentao
From 8ece42bda1099a9a0df584cac2478ec5a6e83924 Mon Sep 17 00:00:00 2001
From: Wentao_Liang
Date: Fri, 25 Feb 2022 11:49:54 +080
>
> yes. Could you please send a patch using g_autofree ?
>
> Thanks,
>
> C.
Here is the new patch.
Thanks,
Wentao
From 8ed76446f78ab1b4152403fdb9dd6f349d6fd52e Mon Sep 17 00:00:00 2001
From: Wentao_Liang
Date: Fri, 25 Feb 2022 11:17:33 +0800
Subject: [PATCH] Fix a potential memory leak bug
> > thanks for your report and patch - but to make sure that the right
> > people get attention, please use the scripts/get_maintainer.pl script to
> > get a list of people who should be on CC:, or look into the MAINTAINERS
> > file directly (for the next time - this time, I've CC:ed them now a
Hi all,
I find a potential Use-after-free in QEMU 6.2.0, which is in
virtio_iommu_handle_command() (./hw/virtio/virtio-iommu.c).
Specifically, in the loop body, the variable 'buf' allocated at line 639 can be
freed by g_free() at line 659. However, if the execution path enters the loop
body
Hi all,
I find a potential Use-after-free bug in QEMU 6.2.0, which is in
handle_simd_shift_fpint_conv() (./target/arm/translate-a64.c).
At line 9048, a variable 'tcg_fpstatus' is freed by invoking
tcg_temp_free_ptr(). However, at line 9050, the variable 'tcg_fpstatus' is
subsequently use as th
Hi all,
I find a potential Use-after-free in QEMU 6.2.0, which is in
test_blockjob_common_drain_node() (./tests/unit/test-bdrv-drain.c).
Specifically, at line 880, the variable 'scr' is released by the bdrv_unref().
However, at line 881, it is subsequently used as the 1st parameter of the
func
Hi all,
I find a memory leak bug in QEMU 6.2.0, which is in
write_boot_rom() (./hw/arm/aspeed.c).
Specifically, at line 276, a memory chunk is allocated with g_new0() and
assigned to the variable 'storage'. However, if the branch takes true at line
277, there will be only an error report at lin