From: xjdeng <micro6947@gmail.com>
To: qemu-devel@nongnu.org
Cc: xjdeng <micro6947@gmail.com>
Subject: [PATCH] qtest/migration: Fix potential NPD through getenv
Date: Fri, 27 Jun 2025 11:03:19 +0800
Message-ID: <20250627030319.470-1-micro6947@gmail.com>

In `find_common_machine_version`, the code previously assumed that
`getenv(var1)` and `getenv(var2)` would always return non-NULL values.
However, if either environment variable is not set, `getenv` returns
NULL, which could lead to a null pointer dereference.

Tracing upstream usage: `find_common_machine_version` is called by
`resolve_machine_version` with `QEMU_ENV_SRC` and `QEMU_ENV_DST`.
`resolve_machine_version` is used by `migrate_start`, which is called
by `migrate_postcopy_prepare`, and ultimately by `test_postcopy_common`.

In `test_postcopy_common`, after `migrate_postcopy_prepare`, the
function `migrate_postcopy_complete` is called. Inside,
`migration_get_env` checks if `QEMU_ENV_SRC` and `QEMU_ENV_DST` are
set before use. Thus, these variables can be NULL, leading to a
potential null pointer dereference in `find_common_machine_version`.

Signed-off-by: xjdeng <micro6947@gmail.com>
---
tests/qtest/migration/migration-util.c | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/tests/qtest/migration/migration-util.c b/tests/qtest/migration/migration-util.c
index 642cf50c8d..45c9e164e2 100644
--- a/tests/qtest/migration/migration-util.c
+++ b/tests/qtest/migration/migration-util.c
@@ -203,8 +203,25 @@ char *find_common_machine_version(const char *mtype, const char *var1,
return g_strdup(type2);
}
- g_test_message("No common machine version for machine type '%s' between "
- "binaries %s and %s", mtype, getenv(var1), getenv(var2));
+ char *varstring1 = getenv(var1);
+ char *varstring2 = getenv(var2);
+ if (varstring1 && varstring2) {
+ g_test_message("No common machine version for machine type '%s' "
+ "between binaries %s and %s",
+ mtype, varstring1, varstring2);
+ } else if (varstring1) {
+ g_test_message("No common machine version for machine type '%s' "
+ "between binary %s and environment variable %s",
+ mtype, varstring1, var2);
+ } else if (varstring2) {
+ g_test_message("No common machine version for machine type '%s' "
+ "between binary %s and environment variable %s",
+ mtype, varstring2, var1);
+ } else {
+ g_test_message("No common machine version for machine type '%s' "
+ "between environment variables %s and %s",
+ mtype, var1, var2);
+ }
g_assert_not_reached();
}
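Review bot: The four-branch if/else chain added before g_assert_not_reached() repeats one message four times, and in the `else if (varstring2)` branch the set value of var2 is printed first and the name var1 second, so the order of the two sides flips in that case only. A single g_test_message() call with a fallback per argument, for example `varstring1 ? varstring1 : var1`, would cover every combination in one place and keep the order fixed. The two new declarations also follow statements in the function body; moving them to the start of the block and declaring them `const char *`, since the strings returned by getenv() are not meant to be modified, would be tidier.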
--
2.27.0.windows.1