From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:32827) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WhpfP-0005Td-MV for qemu-devel@nongnu.org; Tue, 06 May 2014 20:25:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WhpfI-00010C-Fw for qemu-devel@nongnu.org; Tue, 06 May 2014 20:24:59 -0400 Received: from mx-v6.kamp.de ([2a02:248:0:51::16]:34789 helo=mx01.kamp.de) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WhpfI-0000zd-58 for qemu-devel@nongnu.org; Tue, 06 May 2014 20:24:52 -0400 From: Peter Lieven Date: Wed, 7 May 2014 02:24:17 +0200 Message-Id: <1399422257-5912-1-git-send-email-pl@kamp.de> Subject: [Qemu-devel] [PATCH] qapi: fix null pointer dereference on invalid parameter List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Lieven , mdroth@linux.vnet.ibm.com, lcapitulino@redhat.com qemu segfaults if it receives an invalid parameter via a qmp command instead of throwing an error. For example: { "execute": "blockdev-add", "arguments": { "options" : { "driver": "invalid-driver" } } } CC: qemu-stable@nongnu.org Signed-off-by: Peter Lieven --- qapi/qapi-dealloc-visitor.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/qapi/qapi-dealloc-visitor.c b/qapi/qapi-dealloc-visitor.c index d0ea118..dc53545 100644 --- a/qapi/qapi-dealloc-visitor.c +++ b/qapi/qapi-dealloc-visitor.c @@ -131,7 +131,9 @@ static void qapi_dealloc_end_list(Visitor *v, Error **errp) static void qapi_dealloc_type_str(Visitor *v, char **obj, const char *name, Error **errp) { - g_free(*obj); + if (obj) { + g_free(*obj); + } } static void qapi_dealloc_type_int(Visitor *v, int64_t *obj, const char *name, -- 1.7.9.5
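Review bot: the new `if (obj)` guard in qapi_dealloc_type_str() stops the crash, but neither the code nor the commit message says which caller reaches the dealloc visitor with a NULL `obj` for the invalid `blockdev-add` request, so a reader cannot tell whether this is the right place for the fix or only where the symptom shows. Please add a short comment above the guard stating when `obj` can legitimately be NULL, and name the originating path in the commit message. Since g_free() already accepts NULL, the guard protects only the `*obj` dereference. It is also worth checking whether the other type callbacks that take an `obj` pointer, such as qapi_dealloc_type_int() in the trailing context, can be reached with NULL the same way, or whether the caller should skip the visit instead. A regression test that sends the QMP command from the commit message and expects an error reply would keep this from coming back.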