On 2023/1/18 18:18, "Hans Verkuil" <hverkuil-cisco@xxxxxxxxx> wrote:

>...while this free is called if data->blocking is true. (see the 'if (!block) return 0;'
>further up).

Do you mean this code?

	/* All done if we don't need to block waiting for completion */
	if (!block)
		return 0;

I noticed this part of the code. But I'm not sure if 'block' will be modified in other sync operations. So I sent this patch for the community to review.

>So I have my doubts if this patch actually addresses the correct issue.
>Do you have an actual debug trace of the UAF? Or even better, code to reproduce
>this issue.

And we found this issue by the code scanning tool developed by loydlv and filtered from 200 issues by a human. So it could be a non-issue. If so, I hope I didn't waste too much of your time.