# Exported record of one issue from the QEMU GitLab tracker (see `url`).
# Field names and values appear to be copied verbatim from the tracker's
# issue form; keys are kept exactly as the exporter wrote them (note the
# mixed snake_case / kebab-case), so consumers should not be assumed to
# tolerate renames.
# Tracker issue number; matches the last path segment of `url`.
id = 1381
title = "plugins: plugin_mem_cbs is not consistently NULL'ed when returning from execution"
# Issue lifecycle state as recorded by the tracker at export time.
state = "closed"
# UTC instants (trailing `Z`), stored as strings rather than native TOML
# datetimes — presumably to match the exporter's schema; verify before
# converting them on the consumer side.
created_at = "2022-12-18T05:02:50.298Z"
closed_at = "2023-03-22T22:10:45.989Z"
# "Closed::Fixed" is the tracker's resolution label. This record carries no
# reference to the fixing commit or to an assigned CVE; anyone tracing the
# fix has to follow `url`.
labels = ["Closed::Fixed", "TCG plugins"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/1381"
# Environment fields from the issue template. "n/a" is the literal string the
# reporter entered, not an absent value — TOML has no null, so a consumer
# treating these as "unset" must special-case the string.
host-os = "n/a"
host-arch = "n/a"
qemu-version = "n/a"
guest-os = "n/a"
guest-arch = "n/a"
# Security-relevant summary, as stated by the reporter: cpu->plugin_mem_cbs is
# expected to be NULL whenever execution returns, and leaving it dangling is a
# potential use-after-free. The description itself narrows the window to a
# tb_flush occurring while the stale pointer is live and cites one user report
# (the linked mailing-list thread) as the only known trigger; no reproducer is
# recorded here.
description = """This is an invariant that we should have been checking for; when returning from execution, cpu->plugin_mem_cbs should be NULL. Otherwise we open a door for a use-after-free; admittedly this door isn't that large (it requires a tb_flush to occur while we have the dangling plugin_mem_cbs), but at least one plugin user has encountered this problem: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg02703.html"""
# No reproduction steps or extra material were filed; see `description` for
# the only pointer to external evidence.
reproduce = "n/a"
additional = "n/a"