Fwd: Qemu asan test reported heap-use-after-free error when using qxl and spice
From: zhangjianguo (A) via @ 2023-07-06 12:46 UTC
To: Fabiano Rosas, peterx@redhat.com, qemu-devel@nongnu.org
Cc: Liheng, Renxuming, Pengyi (pengyi), huhao (N), zhangjianguo (A),
wangyanan (Y)
From: fengzhuoran <fengzhuoran@huawei.com>
Sent: 6 July 2023 20:38
To: zhangjianguo (A) <zhangjianguo18@huawei.com>
Subject: Qemu asan test reported heap-use-after-free error when using qxl and spice
QEMU: qemu-6.2
Spice server: 0.14.3
Guest OS: kylinOS desktop (or other guest OS with a desktop)
VM XML: my VM XML is in the email attachment.
When we tested QEMU with ASan, we found a heap-use-after-free error. The error message is as follows:
[screenshots of the ASan heap-use-after-free report: image003.jpg, image004.png]
I think the reason for the problem is that the cursor pointer was not set to NULL when QEMU calls cursor_put. But I don't know what situation will trigger this error.
This error is difficult to reproduce naturally.
[screenshot: image005.png]
I can get the same error by calling cursor_put twice.
I don't know if this is a bug in QEMU and I am looking for help.
[Attachments: image003.jpg, image004.png, image005.png, kylin.xml]
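The failure mode described in the report, as an added stand-alone example in C that is not QEMU's code and not from the report: a toy reference-counted cursor whose names echo cursor_get()/cursor_put() (ToyCursor, toy_cursor_alloc, toy_cursor_put_clear and the g_allocs/g_frees counters are all hypothetical). A plain put leaves the holder's pointer dangling, so a second put through it is a heap-use-after-free that ASan reports; the alternative release takes the address of the holder's field and clears it, so a repeated release of the same holder is a no-op.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Toy reference-counted cursor. The names echo QEMU's cursor_get()/cursor_put()
 * but this is a stand-alone illustration, not QEMU's code. */
typedef struct ToyCursor {
    int width;
    int height;
    int refcount;
    uint32_t *data;   /* pixel buffer, freed together with the object */
} ToyCursor;

/* Bookkeeping so a caller can verify every allocation is freed exactly once. */
static int g_allocs;
static int g_frees;

ToyCursor *toy_cursor_alloc(int width, int height)
{
    ToyCursor *c = calloc(1, sizeof(*c));
    if (!c) {
        abort();
    }
    c->width = width;
    c->height = height;
    c->refcount = 1;
    c->data = calloc((size_t)width * (size_t)height, sizeof(uint32_t));
    if (!c->data) {
        abort();
    }
    g_allocs++;
    return c;
}

ToyCursor *toy_cursor_get(ToyCursor *c)
{
    c->refcount++;
    return c;
}

int toy_cursor_refcount(const ToyCursor *c)
{
    return c->refcount;
}

/* Drop one reference and free at zero. The caller's pointer is left dangling,
 * so a second put through the same pointer reads the refcount out of freed
 * memory: exactly the heap-use-after-free that ASan flags. */
void toy_cursor_put(ToyCursor *c)
{
    if (!c) {
        return;
    }
    if (--c->refcount > 0) {
        return;
    }
    free(c->data);
    free(c);
    g_frees++;
}

/* Safer release for a holder's field: clear the holder's pointer before
 * dropping the reference, so releasing the same holder twice is a no-op. */
void toy_cursor_put_clear(ToyCursor **pc)
{
    ToyCursor *c = *pc;
    *pc = NULL;
    toy_cursor_put(c);
}

/* The report's sequence made safe: a holder (think of a display state owning
 * the current cursor) releases its cursor on reset and again on teardown,
 * while another component still holds a reference. Returns 1 when the object
 * was freed exactly once and no dangling pointer remains. */
int demo_double_release_with_clear(void)
{
    g_allocs = 0;
    g_frees = 0;

    struct { ToyCursor *cursor; } display = { toy_cursor_alloc(64, 64) };
    ToyCursor *shared = toy_cursor_get(display.cursor);   /* refcount 2 */

    toy_cursor_put_clear(&display.cursor);   /* refcount 1, display.cursor == NULL */
    toy_cursor_put_clear(&display.cursor);   /* NULL holder: no-op, not a double put */
    toy_cursor_put_clear(&shared);           /* refcount 0: freed once */

    return g_allocs == 1 && g_frees == 1 &&
           display.cursor == NULL && shared == NULL;
}

/* The unsafe shape of the same sequence. Deliberately not called from main():
 * built with -fsanitize=address, the second put reports heap-use-after-free;
 * without ASan it is undefined behaviour. */
void demo_double_put_unsafe(void)
{
    ToyCursor *cursor = toy_cursor_alloc(64, 64);
    toy_cursor_put(cursor);   /* refcount 0: freed */
    toy_cursor_put(cursor);   /* dangling pointer: use after free */
}

int main(void)
{
    printf("double release with clear: %s\n",
           demo_double_release_with_clear() ? "ok" : "FAILED");
    return 0;
}
```

Build with `gcc -fsanitize=address -g` and call demo_double_put_unsafe() to see a report of the same shape as the one in the mail; the put-and-clear variant is the idiom that makes a repeated release on the same holder harmless.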