From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49147) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VLvPs-00082f-Gh for qemu-devel@nongnu.org; Tue, 17 Sep 2013 09:34:14 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VLvPm-0004DH-Fl for qemu-devel@nongnu.org; Tue, 17 Sep 2013 09:34:08 -0400 Received: from mx1.redhat.com ([209.132.183.28]:40979) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VLvPm-0004Cn-7z for qemu-devel@nongnu.org; Tue, 17 Sep 2013 09:34:02 -0400 From: Igor Mammedov Date: Tue, 17 Sep 2013 15:32:32 +0200 Message-Id: <1379424752-11456-1-git-send-email-imammedo@redhat.com> Subject: [Qemu-devel] [PATCH] qdev: fix crash when device_add is called with abstract driver List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Paolo Bonzini , Wenchao Xia , =?UTF-8?q?Andreas=20F=C3=A4rber?= , Anthony Liguori , Stefan Weil user is able to crash running QEMU when following monitor command is called: device_add intel-hda-generic crash is caused by assertion in object_initialize_with_type() when type is abstract. Checking if type is abstract before instance is created in qdev_device_add() allows to prevent crash on incorrect user input. Signed-off-by: Igor Mammedov --- qdev-monitor.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/qdev-monitor.c b/qdev-monitor.c index 410cdcb..bb2e1b6 100644 --- a/qdev-monitor.c +++ b/qdev-monitor.c @@ -472,6 +472,12 @@ DeviceState *qdev_device_add(QemuOpts *opts) return NULL; } + if (object_class_is_abstract(obj)) { + qerror_report(QERR_INVALID_PARAMETER_VALUE, "driver", + "non-abstract device type"); + return NULL; + } + k = DEVICE_CLASS(obj); /* find bus */ -- 1.7.1
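Review bot: The new abstract-class check sits after the NULL-return guard and before `k = DEVICE_CLASS(obj);`, so it rejects the driver before any instance is created, which is the right place for it; what is missing is a regression test, since the commit message already names a concrete reproducer (`device_add intel-hda-generic`) that could be turned into a monitor/qtest case asserting the `QERR_INVALID_PARAMETER_VALUE` error rather than a crash. Minor: the expected-value string passed as the third argument, "non-abstract device type", will be rendered by that qerror as "Parameter 'driver' expects non-abstract device type"; if a different phrasing is wanted for the user-facing message, adjust it here rather than in the qerror template.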