From: Nicholas Piggin <npiggin@gmail.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: "Nicholas Piggin" <npiggin@gmail.com>,
"Alex Bennée" <alex.bennee@linaro.org>,
qemu-devel@nongnu.org
Subject: [PATCH 1/2] chardev: Fix record/replay error path NULL deref in device creation
Date: Wed, 28 Aug 2024 14:33:34 +1000
Message-ID: <20240828043337.14587-2-npiggin@gmail.com>
In-Reply-To: <20240828043337.14587-1-npiggin@gmail.com>
qemu_chardev_set_replay() was being called in chardev creation to
set up replay parameters even if the chardev is NULL.
A segfault can be reproduced by specifying '-serial chardev:bad' with
an rr=record mode.
Fix this with a NULL pointer check.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Resolves: Coverity CID 1559470
Fixes: 4c193bb129dae ("chardev: set record/replay on the base device of a muxed device")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
---
chardev/char.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chardev/char.c b/chardev/char.c
index ba847b6e9e..47a744ebeb 100644
--- a/chardev/char.c
+++ b/chardev/char.c
@@ -721,7 +721,7 @@ static Chardev *__qemu_chr_new(const char *label, const char *filename,
if (strstart(filename, "chardev:", &p)) {
chr = qemu_chr_find(p);
- if (replay) {
+ if (replay && chr) {
qemu_chardev_set_replay(chr, &err);
if (err) {
error_report_err(err);
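Review bot: the `replay && chr` guard does stop `qemu_chardev_set_replay()` from dereferencing a NULL `chr`, but from the visible lines it is not clear how a failed `qemu_chr_find(p)` lookup is reported once replay setup is skipped; please confirm the existing error path after this hunk still rejects an unknown `chardev:` label (the `-serial chardev:bad` case from the commit message) with a diagnostic rather than silently continuing without replay configured, and consider a short comment on the `if (replay && chr)` line saying the NULL case is handled by that later check.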
--
2.45.2
Thread overview:
2024-08-28 4:33 [PATCH 0/2] chardev: fixes for recent record/replay on muxed Nicholas Piggin
2024-08-28 4:33 ` Nicholas Piggin [this message]
2024-08-28 15:43 ` [PATCH 1/2] chardev: Fix record/replay error path NULL deref in device creation Peter Maydell
2024-08-28 4:33 ` [PATCH 2/2] chardev: Remove __-prefixed names Nicholas Piggin
2024-08-28 15:44 ` Peter Maydell
2024-08-28 6:41 ` [PATCH 0/2] chardev: fixes for recent record/replay on muxed Marc-André Lureau
2024-11-27 4:52 ` Nicholas Piggin