From: Jacek Caban
Subject: Re: [PATCH] ieframe: Clear a being invalidated history entry.
Message-Id: <0dc6e9f0-55c6-cfd0-4326-903b98f5d4ce@codeweavers.com>
Date: Tue, 25 Jan 2022 18:01:42 +0100
In-Reply-To: <20220124170445.3e7ba06816d83527e7277d77@baikal.ru>
References: <20220124170445.3e7ba06816d83527e7277d77@baikal.ru>

Hi Dmitry,

On 1/24/22 15:04, Dmitry Timoshkov wrote:
> update_travellog() in order to clear forward history calls free_travellog_entry() to
> invalidate forward history entries, and when later an entry gets reused entry->stream
> contains a no longer valid pointer.

How does it "get reused"? Note that the log buffer is also initially not zero-initialized and generally depends on proper bounds checks. update_travellog() decrements length when it clears forward history, which should prevent us from treating those entries as valid.

Thanks,
Jacek