Re: Use-after-free in ppoll

2015-11-23 Thread Dmitry Vyukov
On Sun, Nov 22, 2015 at 7:46 PM, Rainer Weikusat wrote: > Dmitry Vyukov writes: >> On Sun, Nov 22, 2015 at 3:32 PM, Rainer Weikusat >> wrote: >>> Dmitry Vyukov writes: Hello, On commit f2d10565b9bdbb722bd43e6e1a759eeddb9645c8 (Nov 20). The following program triggers use

Re: Use-after-free in ppoll

2015-11-22 Thread Rainer Weikusat
Rainer Weikusat writes: [...] > because of the close, this routine will be called with the peer_wait > wait_queue_head of the non-closed socket of the socket pair as > wait_address argument. This should have been "peer_wait wait_queue_head of the peer of the non-closed socket, i.e., that of the

Re: Use-after-free in ppoll

2015-11-22 Thread Rainer Weikusat
Dmitry Vyukov writes: > On Sun, Nov 22, 2015 at 3:32 PM, Rainer Weikusat > wrote: >> Dmitry Vyukov writes: >>> Hello, >>> >>> On commit f2d10565b9bdbb722bd43e6e1a759eeddb9645c8 (Nov 20). >>> >>> The following program triggers use-after-free: >>> >>> // autogenerated by syzkaller (http://github.c

Re: Use-after-free in ppoll

2015-11-22 Thread Dmitry Vyukov
On Sun, Nov 22, 2015 at 3:32 PM, Rainer Weikusat wrote: > Dmitry Vyukov writes: >> Hello, >> >> On commit f2d10565b9bdbb722bd43e6e1a759eeddb9645c8 (Nov 20). >> >> The following program triggers use-after-free: >> >> // autogenerated by syzkaller (http://github.com/google/syzkaller) >> #include >

Re: Use-after-free in ppoll

2015-11-22 Thread Rainer Weikusat
Dmitry Vyukov writes: > Hello, > > On commit f2d10565b9bdbb722bd43e6e1a759eeddb9645c8 (Nov 20). > > The following program triggers use-after-free: > > // autogenerated by syzkaller (http://github.com/google/syzkaller) > #include > #include > #include > #include > > void *thread(void *p) > { >

Use-after-free in ppoll

2015-11-22 Thread Dmitry Vyukov
Hello, On commit f2d10565b9bdbb722bd43e6e1a759eeddb9645c8 (Nov 20). The following program triggers use-after-free: // autogenerated by syzkaller (http://github.com/google/syzkaller) #include #include #include #include void *thread(void *p) { syscall(SYS_write, (long)p, 0x2000278ful,