From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34968)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1bZvpM-0002Un-3L
	for qemu-devel@nongnu.org; Wed, 17 Aug 2016 04:03:57 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1bZvpG-0000t2-3P
	for qemu-devel@nongnu.org; Wed, 17 Aug 2016 04:03:55 -0400
Received: from mx1.redhat.com ([209.132.183.28]:39036)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <armbru@redhat.com>) id 1bZvpF-0000sx-Tr
	for qemu-devel@nongnu.org; Wed, 17 Aug 2016 04:03:50 -0400
Received: from int-mx09.intmail.prod.int.phx2.redhat.com
	(int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 4C1958553F
	for <qemu-devel@nongnu.org>; Wed, 17 Aug 2016 08:03:49 +0000 (UTC)
From: Markus Armbruster <armbru@redhat.com>
References: <50710af43689d251448f6b2f8d5606956758c998.1471360024.git.mprivozn@redhat.com>
Date: Wed, 17 Aug 2016 10:03:47 +0200
In-Reply-To: <50710af43689d251448f6b2f8d5606956758c998.1471360024.git.mprivozn@redhat.com>
	(Michal Privoznik's message of "Tue, 16 Aug 2016 17:17:07 +0200")
Message-ID: <87r39nsty4.fsf@dusky.pond.sub.org>
MIME-Version: 1.0
Content-Type: text/plain
Subject: Re: [Qemu-devel] [PATCH] qemu_opt_foreach: Fix crasher
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Michal Privoznik <mprivozn@redhat.com>
Cc: qemu-devel@nongnu.org

Michal Privoznik <mprivozn@redhat.com> writes:

> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x000055baf6ab4adc in qemu_opt_foreach (opts=0x0, func=0x55baf696b650 <net_vhost_chardev_opts>, opaque=0x7ffc51368c00, errp=0x7ffc51368e48) at util/qemu-option.c:617
> 617         QTAILQ_FOREACH(opt, &opts->head, next) {
> [Current thread is 1 (Thread 0x7f1d4970bb40 (LWP 6603))]
> (gdb) bt
> #0  0x000055baf6ab4adc in qemu_opt_foreach (opts=0x0, func=0x55baf696b650 <net_vhost_chardev_opts>, opaque=0x7ffc51368c00, errp=0x7ffc51368e48) at util/qemu-option.c:617
> #1  0x000055baf696b7da in net_vhost_parse_chardev (opts=0x55baf8ff9260, errp=0x7ffc51368e48) at net/vhost-user.c:314

This is where the null opts come from:

    CharDriverState *chr = qemu_chr_find(opts->chardev);
    VhostUserChardevProps props;

    if (chr == NULL) {
        error_setg(errp, "chardev \"%s\" not found", opts->chardev);
        return NULL;
    }

    /* inspect chardev opts */
    memset(&props, 0, sizeof(props));
    if (qemu_opt_foreach(chr->opts, net_vhost_chardev_opts, &props, errp)) {
        return NULL;
    }

Can CharDriverState member opts be legitimately null?  If yes, then its
definition needs a comment.  But I suspect the answer is no.

[...]