* [PULL 0/1] Fix use-after-free errors in util/error.c
@ 2023-04-06 16:56 Stefan Berger
2023-04-06 16:56 ` [PULL 1/1] util/error: Fix use-after-free errors reported by Coverity Stefan Berger
2023-04-10 13:27 ` [PULL 0/1] Fix use-after-free errors in util/error.c Peter Maydell
0 siblings, 2 replies; 3+ messages in thread
From: Stefan Berger @ 2023-04-06 16:56 UTC (permalink / raw)
To: qemu-devel; +Cc: peter.maydell, Stefan Berger
Hello!
This PR fixes use-after-free errors in util/error.c as reported by Coverity.
Regards,
Stefan
The following changes since commit 60ca584b8af0de525656f959991a440f8c191f12:
Merge tag 'pull-for-8.0-220323-1' of https://gitlab.com/stsquad/qemu into staging (2023-03-22 17:58:12 +0000)
are available in the Git repository at:
https://github.com/stefanberger/qemu-tpm.git tags/pull_error_handle_fix_use_after_free.v1
for you to fetch changes up to cc40b8b8448de351f0d15412f20d428712b2e207:
util/error: Fix use-after-free errors reported by Coverity (2023-04-06 12:38:42 -0400)
----------------------------------------------------------------
Stefan Berger (1):
util/error: Fix use-after-free errors reported by Coverity
util/error.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
--
2.39.1
^ permalink raw reply [flat|nested] 3+ messages in thread* [PULL 1/1] util/error: Fix use-after-free errors reported by Coverity 2023-04-06 16:56 [PULL 0/1] Fix use-after-free errors in util/error.c Stefan Berger @ 2023-04-06 16:56 ` Stefan Berger 2023-04-10 13:27 ` [PULL 0/1] Fix use-after-free errors in util/error.c Peter Maydell 1 sibling, 0 replies; 3+ messages in thread From: Stefan Berger @ 2023-04-06 16:56 UTC (permalink / raw) To: qemu-devel Cc: peter.maydell, Stefan Berger, Philippe Mathieu-Daudé, Marc-André Lureau Fix use-after-free errors in the code path that called error_handle(). A call to error_handle() will now either free the passed Error 'err' or assign it to '*errp' if '*errp' is currently NULL. This ensures that 'err' either has been freed or is assigned to '*errp' if this function returns. Adjust the two callers of this function to not assign the 'err' to '*errp' themselves, since this is now handled by error_handle(). Fixes: commit 3ffef1a55ca3 ("error: add global &error_warn destination") Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20230406154347.4100700-1-stefanb@linux.ibm.com --- util/error.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/util/error.c b/util/error.c index 5537245da6..e5e247209a 100644 --- a/util/error.c +++ b/util/error.c @@ -46,6 +46,10 @@ static void error_handle(Error **errp, Error *err) } if (errp == &error_warn) { warn_report_err(err); + } else if (errp && !*errp) { + *errp = err; + } else { + error_free(err); } } @@ -76,7 +80,6 @@ static void error_setv(Error **errp, err->func = func; error_handle(errp, err); - *errp = err; errno = saved_errno; } @@ -289,11 +292,6 @@ void error_propagate(Error **dst_errp, Error *local_err) return; } error_handle(dst_errp, local_err); - if (dst_errp && !*dst_errp) { - *dst_errp = local_err; - } else { - error_free(local_err); - } } void error_propagate_prepend(Error **dst_errp, Error *err, -- 2.39.1 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PULL 0/1] Fix use-after-free errors in util/error.c 2023-04-06 16:56 [PULL 0/1] Fix use-after-free errors in util/error.c Stefan Berger 2023-04-06 16:56 ` [PULL 1/1] util/error: Fix use-after-free errors reported by Coverity Stefan Berger @ 2023-04-10 13:27 ` Peter Maydell 1 sibling, 0 replies; 3+ messages in thread From: Peter Maydell @ 2023-04-10 13:27 UTC (permalink / raw) To: Stefan Berger; +Cc: qemu-devel On Thu, 6 Apr 2023 at 17:56, Stefan Berger <stefanb@linux.ibm.com> wrote: > > Hello! > > This PR fixes use-after-free errors in util/error.c as reported by Coverity. > > Regards, > Stefan > > > The following changes since commit 60ca584b8af0de525656f959991a440f8c191f12: > > Merge tag 'pull-for-8.0-220323-1' of https://gitlab.com/stsquad/qemu into staging (2023-03-22 17:58:12 +0000) > > are available in the Git repository at: > > https://github.com/stefanberger/qemu-tpm.git tags/pull_error_handle_fix_use_after_free.v1 > > for you to fetch changes up to cc40b8b8448de351f0d15412f20d428712b2e207: > > util/error: Fix use-after-free errors reported by Coverity (2023-04-06 12:38:42 -0400) > > ---------------------------------------------------------------- > Stefan Berger (1): > util/error: Fix use-after-free errors reported by Coverity Applied, thanks. Please update the changelog at https://wiki.qemu.org/ChangeLog/8.0 for any user-visible changes. -- PMM ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-04-10 13:28 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-04-06 16:56 [PULL 0/1] Fix use-after-free errors in util/error.c Stefan Berger 2023-04-06 16:56 ` [PULL 1/1] util/error: Fix use-after-free errors reported by Coverity Stefan Berger 2023-04-10 13:27 ` [PULL 0/1] Fix use-after-free errors in util/error.c Peter Maydell
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).