[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug 1892761] Re: Heap-use-after-free through double-fetch in ehci
From: |
Alexander Bulekov |
Subject: |
[Bug 1892761] Re: Heap-use-after-free through double-fetch in ehci |
Date: |
Mon, 14 Jun 2021 23:51:38 -0000 |
No. If we figure out some way to consistently reproduce double-fetches
in a non-fuzzer build, I'll report the issue again, but this can
probably be closed
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1892761
Title:
Heap-use-after-free through double-fetch in ehci
Status in QEMU:
Incomplete
Bug description:
Hello,
I don't have a qtest reproducer for this crash because it involves a DMA
double-fetch, and I don't think we can reproduce those with qtest.
Instead, I attached the pseudo-qtest trace produced by the fuzzer, along with
some trace events.
The lines annotated with [DMA] are write commands that were triggered by a
callback from a DMA read by the device. The lines annotated with [DOUBLE-FETCH]
are DMA accesses that hit the same address more than once (possible
double-fetches).
I am still thinking of nicer ways of presenting this trace and providing a
reproducer.
-Alex
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1892761/+subscriptions
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Bug 1892761] Re: Heap-use-after-free through double-fetch in ehci,
Alexander Bulekov <=