yintao707 opened a new pull request, #14118:
URL: https://github.com/apache/nuttx/pull/14118
*Note: Please adhere to [Contributing Guidelines](../CONTRIBUTING.md).*
## Summary
Fix possible use-after-free issues when closing
#0 0x6f9bf9 in rpmsg_socket_ns_unbind rpmsg/rpmsg_sockif.c:445
#1 0x645660 in rpmsg_virtio_ns_callback
open-amp/lib/rpmsg/rpmsg_virtio.c:674
#2 0x6449e0 in rpmsg_virtio_rx_callback
open-amp/lib/rpmsg/rpmsg_virtio.c:601
#3 0x64fa61 in virtqueue_notification open-amp/lib/virtio/virtqueue.c:711
#4 0x63bd4b in rproc_virtio_notified
open-amp/lib/remoteproc/remoteproc_virtio.c:433
#5 0x637205 in remoteproc_get_notification
open-amp/lib/remoteproc/remoteproc.c:1006
#6 0x55940c in rptun_worker rptun/rptun.c:329
#7 0x55982d in rptun_thread rptun/rptun.c:370
#8 0x52ba44 in nxtask_start task/task_start.c:129
#9 0x59e8b4 in pre_start sim/sim_initialstate.c:52
0xf3f03ca4 is located 100 bytes inside of 308-byte region
[0xf3f03c40,0xf3f03d74)
freed by thread T0 here:
#0 0xf7aa6414 in __interceptor_free
../../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122
#1 0x732f9c in host_free sim/posix/sim_hostmemory.c:197
#2 0x5a0bc7 in mm_free sim/sim_heap.c:230
#3 0x59b708 in free umm_heap/umm_free.c:49
#4 0x6f7243 in rpmsg_socket_free rpmsg/rpmsg_sockif.c:266
#5 0x7025c8 in rpmsg_socket_close rpmsg/rpmsg_sockif.c:1360
#6 0x6f0eb8 in psock_close socket/net_close.c:102
#7 0x6036eb in sock_file_close socket/socket.c:115
#8 0x5ef1d6 in file_close vfs/fs_close.c:74
#9 0x5ecccd in nx_close_from_tcb inode/fs_files.c:670
#10 0x5ecd65 in nx_close inode/fs_files.c:697
#11 0x5ecd90 in close inode/fs_files.c:735
## Impact
none
## Testing
sim/qemu
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
