[PATCH 0/2] zero pointer after bdrv_unref_child
From: Vladimir Sementsov-Ogievskiy
Subject: [PATCH 0/2] zero pointer after bdrv_unref_child
Date: Mon, 16 Mar 2020 09:06:29 +0300

Hi all!

I faced a use-after-free of the bs->backing pointer after bdrv_unref_child in
bdrv_set_backing_hd.

Fix it, and do a similar thing for s->data_file in qcow2.c.

I'm not sure that this is the full fix. Is it safe to keep bs->backing
during bdrv_unref_child itself? Is it safe to keep bs->backing during
the all-child-unref loop in bdrv_close?

Vladimir Sementsov-Ogievskiy (2):
  block: bdrv_set_backing_bs: fix use-after-free
  block/qcow2: zero data_file child after free

 block.c       | 2 +-
 block/qcow2.c | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

--
2.21.0
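
The pattern the cover letter describes, as an added example that is not code from this patch series or from QEMU: a toy model in which a parent keeps a named field for a child, comparing a release that leaves the field stale with one that zeroes it. All types and function names here (Child, Node, pool, attach_child, unref_child, drop_backing_*) are hypothetical; the static pool stands in for the heap so that a released slot can be inspected without undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy model (hypothetical types, not QEMU's). Children live in a static
 * pool so a "freed" slot can be examined without undefined behaviour. */
typedef struct Child { bool in_use; int id; } Child;
typedef struct Node { Child *backing; } Node;
static Child pool[4];

/* Take the first free slot, the way an allocator may hand back freed memory. */
static Child *attach_child(int id)
{
    for (size_t i = 0; i < sizeof(pool) / sizeof(pool[0]); i++) {
        if (!pool[i].in_use) {
            pool[i] = (Child){ .in_use = true, .id = id };
            return &pool[i];
        }
    }
    return NULL;
}

/* Stand-in for the unref call: it releases the child and knows nothing
 * about fields in the parent that still point at it. */
static void unref_child(Child *c) { if (c) { c->in_use = false; } }

/* Before: the field keeps pointing at the released child. */
static void drop_backing_stale(Node *n) { unref_child(n->backing); }

/* After: the field is zeroed right after the child is released. */
static void drop_backing_zeroed(Node *n)
{
    unref_child(n->backing);
    n->backing = NULL;
}

/* True when the field refers to a released slot, i.e. a later read through
 * it would be a use-after-free with a real allocator. */
static bool backing_is_stale(const Node *n)
{
    return n->backing != NULL && !n->backing->in_use;
}

int main(void)
{
    Node n = { attach_child(1) };
    drop_backing_stale(&n);
    return backing_is_stale(&n) ? 0 : 1;
}
```

Once the released slot is handed out again, the stale field silently aliases the new child and no liveness check on the slot can tell the difference, which is why the field has to be cleared at the point of release.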