| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4D54942F-92F0-429D-9F54-3D8F7705D576@gmail.com>
Date: Thu, 19 Jan 2023 12:49:23 +0800
From: Xinghui Li <korantwork@...il.com>
To: Hans Verkuil <hverkuil-cisco@...all.nl>, <mchehab@...nel.org>
CC: <linux-kernel@...r.kernel.org>, <linux-media@...r.kernel.org>,
Xinghui Li <korantli@...cent.com>, loydlv <loydlv@...cent.com>
Subject: Re: [PATCH] media:cec:fix double free and uaf issue when cancel data
during noblocking
在 2023/1/18 18:18,“Hans Verkuil”<hverkuil-cisco@...all.nl <mailto:hverkuil-cisco@...all.nl>> 写入:
>...while this free is called if data->blocking is true. (see the 'if (!block) return 0;'
>further up).
Do you mean this code?
/* All done if we don't need to block waiting for completion */
if (!block)
return 0;
I notice this part code. But I'm not sure if 'block' will be modified in other sync operations.
So I sent this patch for community to review.
>So I have my doubts if this patch actually addresses the correct issue.
>Do you have an actual debug trace of the UAF? Or even better, code to reproduce
>this issue.
And we found this issue by the code scanning tool developed by loydlv and filtered from 200 issue by human.
So it could be the none-issue. If so, I hope I didn't waste too much of your time. __
Powered by blists - more mailing lists