From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH for-2.6 2/3] replay: Fix dangling location bug in replay_configure()
Date: Wed, 27 Apr 2016 08:57:14 -0600
Message-ID: <5720D34A.7030909@redhat.com>
In-Reply-To: <1461767349-15329-3-git-send-email-armbru@redhat.com>
To: Markus Armbruster, qemu-devel@nongnu.org
Cc: Eduardo Habkost

On 04/27/2016 08:29 AM, Markus Armbruster wrote:
> replay_configure() pushes and pops a Location with automatic storage
> duration. Except it fails to pop when -icount parameter "rr" isn't
> given. cur_loc then points to unused stack space, and will most
> likely get clobbered in short order.
>
> Clobbered cur_loc can make loc_pop() and error_print_loc() crash or
> report bogus locations.
>
> Broken in commit 890ad55.
>
> I didn't take the time to find a reproducer.
>
> Cc: Eduardo Habkost
> Signed-off-by: Markus Armbruster
> ---
> replay/replay.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>

Reviewed-by: Eric Blake

--
Eric Blake   eblake redhat com   +1-919-301-3266
Libvirt virtualization library http://libvirt.org
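The bug class described in the quoted commit message (a pointer to a Location with automatic storage duration left behind after an early return) can be shown with a small self-contained model. The following C program is an added illustration, not QEMU's code and not the patch under review: its `Location`, `loc_push`, `loc_pop` and `cur_loc` are a deliberately simplified imitation of the push/pop style the message refers to, and `configure_buggy`, `configure_fixed`, `loc_depth` and `run_scenario` are hypothetical names introduced here. It contrasts the shape that forgets to pop on the "option absent" path with the single-exit shape that pops on every path, and checks the push/pop balance rather than dereferencing the dangling pointer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy push/pop "current location" stack, in the spirit of a Location API
 * but simplified for illustration (added example, not QEMU code).
 * The caller supplies storage for each Location, so a Location that lives
 * on the stack must be popped before the owning function returns. */
typedef struct Location {
    const char *what;          /* e.g. the option currently being parsed */
    struct Location *prev;     /* link to the enclosing location */
} Location;

static Location root_loc = { "top level", NULL };
static Location *cur_loc = &root_loc;
static int loc_depth = 0;      /* pushes minus pops; hypothetical bookkeeping */

static void loc_push(Location *loc, const char *what)
{
    loc->what = what;
    loc->prev = cur_loc;
    cur_loc = loc;
    loc_depth++;
}

static void loc_pop(Location *loc)
{
    /* Popping anything but the innermost location is a programming error. */
    if (cur_loc != loc) {
        fprintf(stderr, "loc_pop: unbalanced pop\n");
        return;
    }
    cur_loc = loc->prev;
    loc_depth--;
}

/* Buggy shape: pushes a stack-resident Location, then returns early on one
 * path without popping it. After return, cur_loc refers to a dead frame. */
static void configure_buggy(const char *mode)
{
    Location loc;
    loc_push(&loc, "-icount");
    if (mode == NULL) {
        return;                 /* BUG: loc is never popped on this path */
    }
    /* ... the mode would be applied here ... */
    loc_pop(&loc);
}

/* Fixed shape: every exit path goes through the pop. */
static void configure_fixed(const char *mode)
{
    Location loc;
    loc_push(&loc, "-icount");
    if (mode == NULL) {
        goto out;
    }
    /* ... the mode would be applied here ... */
out:
    loc_pop(&loc);
}

/* Reset global state so each scenario starts from a clean stack. In the
 * buggy case cur_loc is dangling, so it is overwritten, never read. */
static void loc_reset(void)
{
    cur_loc = &root_loc;
    loc_depth = 0;
}

/* Runs one scenario and reports whether the location stack was left
 * balanced (depth back to zero) after the configure call returned. */
static bool run_scenario(bool use_fixed, const char *mode)
{
    loc_reset();
    if (use_fixed) {
        configure_fixed(mode);
    } else {
        configure_buggy(mode);
    }
    return loc_depth == 0;
}

int main(void)
{
    /* Constructed inputs: NULL models the "rr" option being absent. */
    printf("buggy, rr absent:  balanced=%d\n", run_scenario(false, NULL));
    printf("buggy, rr present: balanced=%d\n", run_scenario(false, "record"));
    printf("fixed, rr absent:  balanced=%d\n", run_scenario(true, NULL));
    printf("fixed, rr present: balanced=%d\n", run_scenario(true, "record"));
    return 0;
}
```

The only scenario that leaves the stack unbalanced is the buggy function with the option absent; that is exactly the path where `cur_loc` is left pointing into a frame that no longer exists, so any later pop or location print operates on whatever has since been written over that stack space. The single-exit `goto out` form makes the pop unconditional and is the usual way to keep this invariant under review.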