From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1L5mWS-0001hY-IY
	for qemu-devel@nongnu.org; Thu, 27 Nov 2008 14:27:32 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1L5mWR-0001hM-Bt
	for qemu-devel@nongnu.org; Thu, 27 Nov 2008 14:27:32 -0500
Received: from [199.232.76.173] (port=36291 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1L5mWR-0001hJ-7W
	for qemu-devel@nongnu.org; Thu, 27 Nov 2008 14:27:31 -0500
Received: from gw.sandvine.com ([199.243.201.138]:33299)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <emaste@freebsd.org>) id 1L5mWQ-0000We-Sc
	for qemu-devel@nongnu.org; Thu, 27 Nov 2008 14:27:31 -0500
Date: Thu, 27 Nov 2008 14:05:06 -0500
From: Ed Maste <emaste@freebsd.org>
Subject: Re: [Qemu-devel] possible bug in block-vmdk.c
Message-ID: <20081127190506.GA38570@sandvine.com>
References: <dbb96ca80811270606l4688f43dr9850d6b5c4359e37@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <dbb96ca80811270606l4688f43dr9850d6b5c4359e37@mail.gmail.com>
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

On Thu, Nov 27, 2008 at 06:06:53AM -0800, Rosen Sharma wrote:

> bdrv_delete(s->hd) frees the memory pointed to by s->hd.
> 
> vmdk_parent_close accesses the freed memory?

This was fixed by:

---
Revision: 4526
          http://svn.sv.gnu.org/viewvc/?view=rev&root=qemu&revision=4526
Author:   ths
Date:     2008-05-22 13:51:48 +0000 (Thu, 22 May 2008)

Log Message:
-----------
Fix block-vmdk.c:vmdk_close() use-after-free, by Ed Maste.
---

-Ed