From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:44666)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <thardeck@suse.de>) id 1TNNwf-0002fk-Hv
	for qemu-devel@nongnu.org; Sun, 14 Oct 2012 09:09:30 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <thardeck@suse.de>) id 1TNNwe-00010v-IB
	for qemu-devel@nongnu.org; Sun, 14 Oct 2012 09:09:29 -0400
Received: from cantor2.suse.de ([195.135.220.15]:54587 helo=mx2.suse.de)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <thardeck@suse.de>) id 1TNNwe-00010N-AX
	for qemu-devel@nongnu.org; Sun, 14 Oct 2012 09:09:28 -0400
Received: from relay2.suse.de (unknown [195.135.220.254])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx2.suse.de (Postfix) with ESMTP id 17E3DA24CA
	for <qemu-devel@nongnu.org>; Sun, 14 Oct 2012 15:09:27 +0200 (CEST)
From: Tim Hardeck <thardeck@suse.de>
Date: Sun, 14 Oct 2012 15:08:48 +0200
Message-Id: <1350220128-10140-3-git-send-email-thardeck@suse.de>
In-Reply-To: <1350220128-10140-1-git-send-email-thardeck@suse.de>
References: <1350220128-10140-1-git-send-email-thardeck@suse.de>
Subject: [Qemu-devel] [PATCH 2/2] qemu queue: fix uninitialized removals
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Tim Hardeck <thardeck@suse.de>

When calling QTAILQ_REMOVE or QLIST_REMOVE on an unitialized list
QEMU segfaults.

Check for this case specifically on item removal.

Signed-off-by: Tim Hardeck <thardeck@suse.de>
---
 qemu-queue.h |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/qemu-queue.h b/qemu-queue.h
index 9288cd8..47ed239 100644
--- a/qemu-queue.h
+++ b/qemu-queue.h
@@ -141,7 +141,9 @@ struct {                                                                \
         if ((elm)->field.le_next != NULL)                               \
                 (elm)->field.le_next->field.le_prev =                   \
                     (elm)->field.le_prev;                               \
-        *(elm)->field.le_prev = (elm)->field.le_next;                   \
+        if ((elm)->field.le_prev != NULL) {                             \
+            *(elm)->field.le_prev = (elm)->field.le_next;               \
+        }                                                               \
 } while (/*CONSTCOND*/0)
 
 #define QLIST_FOREACH(var, head, field)                                 \
@@ -381,7 +383,9 @@ struct {                                                                \
                     (elm)->field.tqe_prev;                              \
         else                                                            \
                 (head)->tqh_last = (elm)->field.tqe_prev;               \
-        *(elm)->field.tqe_prev = (elm)->field.tqe_next;                 \
+        if ((elm)->field.tqe_prev != NULL) {                            \
+            *(elm)->field.tqe_prev = (elm)->field.tqe_next;             \
+        }                                                               \
 } while (/*CONSTCOND*/0)
 
 #define QTAILQ_FOREACH(var, head, field)                                \
-- 
1.7.10.4