From: David Gibson <david@gibson.dropbear.id.au>
To: Oleg Sviridov <oleg.sviridov@red-soft.ru>
Cc: Nicholas Piggin <npiggin@gmail.com>,
Daniel Henrique Barboza <danielhb413@gmail.com>,
Harsh Prateek Bora <harshpb@linux.ibm.com>,
Jason Wang <jasowang@redhat.com>,
qemu-ppc@nongnu.org, qemu-devel@nongnu.org
Subject: Re: [PATCH] hw/net: prevent potential NULL dereference
Date: Thu, 30 May 2024 10:29:07 +1000
Message-ID: <ZlfIU7TOiXnP96Aa@zatzit>
In-Reply-To: <20240529110804.3636963-1-oleg.sviridov@red-soft.ru>
On Wed, May 29, 2024 at 02:07:18PM +0300, Oleg Sviridov wrote:
> Pointer, returned from function 'spapr_vio_find_by_reg', may be NULL and is dereferenced immediately after.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Signed-off-by: Oleg Sviridov <oleg.sviridov@red-soft.ru>
> ---
> hw/net/spapr_llan.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
> index ecb30b7c76..f40b733229 100644
> --- a/hw/net/spapr_llan.c
> +++ b/hw/net/spapr_llan.c
> @@ -770,6 +770,10 @@ static target_ulong h_change_logical_lan_mac(PowerPCCPU *cpu,
> SpaprVioVlan *dev = VIO_SPAPR_VLAN_DEVICE(sdev);

Hmm... I thought VIO_SPAPR_VLAN_DEVICE() was supposed to abort if sdev
was NULL or not of the right type. Or have the rules for qom helpers
changed since I wrote this?

> int i;
>
> + if (!dev) {
> + return H_PARAMETER;
> + }
> +
> for (i = 0; i < ETH_ALEN; i++) {
> dev->nicconf.macaddr.a[ETH_ALEN - i - 1] = macaddr & 0xff;
> macaddr >>= 8;
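
Review bot: the new `if (!dev)` test sits after `SpaprVioVlan *dev = VIO_SPAPR_VLAN_DEVICE(sdev);`, so it checks the result of the cast rather than the pointer the commit message names as possibly NULL (the return of `spapr_vio_find_by_reg`). Whether this guard can ever see a NULL then depends on how the cast macro treats a NULL argument, which is exactly the question raised in the reply above. Testing `sdev` before the cast and returning `H_PARAMETER` there would make the check independent of the macro's behaviour and keep it next to the lookup it protects.
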
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson