OpenE2K
/
qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
qemu-e2k/util
History
Marc-André Lureau 64e16fbbf4 util: fix use-after-free in module_load_one 
g_hash_table_add always retains ownership of the pointer passed in as
the key. Its return status merely indicates whether the added entry was
new, or replaced an existing entry. Thus key must never be freed after
this method returns.

Spotted by ASAN:

==2407186==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020003ac4f0 at pc 0x7ffff766659c bp 0x7fffffffd1d0 sp 0x7fffffffc980
READ of size 1 at 0x6020003ac4f0 thread T0
    #0 0x7ffff766659b  (/lib64/libasan.so.6+0x8a59b)
    #1 0x7ffff6bfa843 in g_str_equal ../glib/ghash.c:2303
    #2 0x7ffff6bf8167 in g_hash_table_lookup_node ../glib/ghash.c:493
    #3 0x7ffff6bf9b78 in g_hash_table_insert_internal ../glib/ghash.c:1598
    #4 0x7ffff6bf9c32 in g_hash_table_add ../glib/ghash.c:1689
    #5 0x5555596caad4 in module_load_one ../util/module.c:233
    #6 0x5555596ca949 in module_load_one ../util/module.c:225
    #7 0x5555596ca949 in module_load_one ../util/module.c:225
    #8 0x5555596cbdf4 in module_load_qom_all ../util/module.c:349

Typical C bug...

Fixes: 90629122d2 ("module: use g_hash_table_add()")
Cc: qemu-stable@nongnu.org
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210316134456.3243102-1-marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
 		2021-04-01 15:27:44 +04:00
..
aio-posix.c qmp: Move dispatcher to a coroutine 2020-10-09 07:08:20 +02:00
aio-posix.h
aio-wait.c qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
aio-win32.c qmp: fix aio_poll() assertion failure on Windows 2020-11-03 16:24:56 +01:00
aiocb.c
async.c util/async: Add aio_co_reschedule_self() 2020-10-09 07:08:20 +02:00
atomic64.c qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
base64.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
bitmap.c qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
bitops.c
block-helpers.c block: move logical block size check function to a common utility function 2020-10-23 13:42:16 +01:00
block-helpers.h block: move logical block size check function to a common utility function 2020-10-23 13:42:16 +01:00
buffer.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
bufferiszero.c
cacheflush.c util/cacheflush: Fix error generated by clang 2021-01-21 13:00:41 +01:00
cacheinfo.c util: Enhance flush_icache_range with separate data pointer 2021-01-07 05:09:41 -10:00
compatfd.c util/compatfd.c: Only include <sys/syscall.h> if CONFIG_SIGNALFD 2020-07-13 14:36:10 +01:00
coroutine-sigaltstack.c coroutine-sigaltstack: Add SIGUSR2 mutex 2021-01-26 14:36:37 +01:00
coroutine-ucontext.c
coroutine-win32.c
crc-ccitt.c util: Add CRC16 (CCITT) calculation routines 2021-01-24 20:10:54 +01:00
crc32c.c
cutils.c utils: Work around mingw strto*l bug with 0x 2021-03-24 14:25:41 +00:00
dbus.c
drm.c util/drm: make portable by avoiding struct dirent d_type 2020-07-13 14:36:10 +01:00
envlist.c
error.c
event_notifier-posix.c event_notifier: Set ->initialized earlier in event_notifier_init() 2021-02-16 17:15:39 +01:00
event_notifier-win32.c
fdmon-epoll.c qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
fdmon-io_uring.c qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
fdmon-poll.c fdmon-poll: reset npfd when upgrading to fdmon-epoll 2020-09-23 13:45:52 +01:00
fifo8.c utils/fifo8: change fatal errors from abort() to assert() 2021-02-07 20:38:20 +00:00
filemonitor-inotify.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
filemonitor-stub.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
getauxval.c
guest-random.c
hbitmap.c
hexdump.c util/hexdump: introduce qemu_hexdump_line() 2020-09-29 02:14:30 -04:00
host-utils.c
id.c net: Use id_generate() in the network subsystem, too 2021-03-09 21:47:45 +01:00
iov.c util/iov: make qemu_iovec_init_extended() honest 2021-02-03 08:00:33 -06:00
iova-tree.c
keyval.c keyval: Use GString to accumulate value strings 2020-12-19 10:39:23 +01:00
lockcnt.c qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
log.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
main-loop.c qtest: delete superfluous inclusions of qtest.h 2021-03-09 06:03:53 +01:00
memfd.c
meson.build migration: introduce UFFD-WP low-level interface helpers 2021-02-08 11:19:51 +00:00
mmap-alloc.c memory: alloc RAM from file at offset 2021-02-09 20:53:56 +00:00
module.c util: fix use-after-free in module_load_one 2021-04-01 15:27:44 +04:00
notify.c
nvdimm-utils.c Clean up includes 2020-12-10 17:16:44 +01:00
osdep.c Pull request trivial patches 20200919 2020-09-22 15:42:23 +01:00
oslib-posix.c memory: alloc RAM from file at offset 2021-02-09 20:53:56 +00:00
oslib-win32.c util/oslib-win32: Fix _aligned_malloc() arguments order 2021-01-11 14:59:21 +01:00
pagesize.c
path.c
qdist.c
qemu-co-shared-resource.c
qemu-config.c qemu-config: add error propagation to qemu_config_parse 2021-03-06 11:41:54 +01:00
qemu-coroutine-io.c
qemu-coroutine-lock.c coroutine: let CoQueue wake up outside a coroutine 2020-11-04 08:02:24 +01:00
qemu-coroutine-sleep.c qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
qemu-coroutine.c qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
qemu-error.c error: rename error_with_timestamp to message_with_timestamp 2021-02-01 10:50:55 +00:00
qemu-openpty.c util/qemu-openpty.c: Don't assume pty.h is glibc-only 2020-07-13 14:36:09 +01:00
qemu-option.c qemu-option: do not suggest using the delay option 2021-03-06 11:42:57 +01:00
qemu-print.c monitor: Use getter/setter functions for cur_mon 2020-10-09 07:08:19 +02:00
qemu-progress.c util/: fix some comment spelling errors 2020-09-17 20:38:42 +02:00
qemu-sockets.c sockets: Make abstract UnixSocketAddress depend on CONFIG_LINUX 2020-11-03 13:17:25 +00:00
qemu-thread-common.h
qemu-thread-posix.c qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
qemu-thread-win32.c qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
qemu-timer-common.c semihosting: Implement SYS_ELAPSED and SYS_TICKFREQ 2021-01-18 10:05:06 +00:00
qemu-timer.c ppc patch queue for 2021-03-10 2021-03-12 11:30:55 +00:00
qht.c qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
qsp.c qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
range.c
rcu.c qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
readline.c readline: Fix possible array index out of bounds in readline_hist_add() 2021-01-04 11:13:39 +00:00
selfmap.c
stats64.c qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
sys_membarrier.c
systemd.c
thread-pool.c
throttle.c Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
timed-average.c
trace-events migration: introduce UFFD-WP low-level interface helpers 2021-02-08 11:19:51 +00:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
unicode.c
uri.c
userfaultfd.c migration: introduce UFFD-WP low-level interface helpers 2021-02-08 11:19:51 +00:00
uuid.c
vfio-helpers.c Pull request for 5.2 2020-11-23 13:03:13 +00:00
vhost-user-server.c util/vhost-user-server: move header to include/ 2020-10-23 13:42:16 +01:00
yank.c Introduce yank feature 2021-01-13 10:21:17 +01:00