From: Eric Blake <eblake@redhat.com>
To: qemu-devel@nongnu.org
Cc: armbru@redhat.com, Luiz Capitulino <lcapitulino@redhat.com>
Subject: [Qemu-devel] [PATCH v10 03/30] qobject: Protect against use-after-free in qobject_decref()
Date: Thu, 5 Nov 2015 23:35:27 -0700
Message-ID: <1446791754-23823-4-git-send-email-eblake@redhat.com>
In-Reply-To: <1446791754-23823-1-git-send-email-eblake@redhat.com>
Adding an assertion to qobject_decref() will ensure that a
programming error causing use-after-free will result in
immediate failure (provided no other thread has started
using the memory) instead of silently attempting to wrap
refcnt around and leaving the problem to potentially bite
later at a harder point to diagnose.
Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
---
v10: new patch
---
include/qapi/qmp/qobject.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/qapi/qmp/qobject.h b/include/qapi/qmp/qobject.h
index c856f55..4b96ed5 100644
--- a/include/qapi/qmp/qobject.h
+++ b/include/qapi/qmp/qobject.h
@@ -90,6 +90,7 @@ static inline void qobject_incref(QObject *obj)
*/
static inline void qobject_decref(QObject *obj)
{
+ assert(!obj || obj->refcnt);
if (obj && --obj->refcnt == 0) {
assert(obj->type != NULL);
assert(obj->type->destroy != NULL);
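Review bot: the new `assert(!obj || obj->refcnt);` reads `obj->refcnt` before the existing `if (obj && --obj->refcnt == 0)`, so a decref on an object whose count has already reached zero (and whose memory has not yet been reused) fails loudly instead of wrapping the counter; note that when the object really has been freed this read is itself a use-after-free, so the check is best-effort in the sense the commit message already states ("provided no other thread has started using the memory"), and a memory sanitizer would report that read independently of the assertion. One documentation point: the comment block ending in `*/` directly above `qobject_decref()` could mention that calling decref on an already-released object is now asserted against, so callers know the failure mode is an abort rather than silent wraparound. Since the surrounding context already uses `assert(obj->type != NULL)`, no new include is needed for this line.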
--
2.4.3