From: xjdeng <micro6947@gmail.com>
To: qemu-devel@nongnu.org
Cc: xjdeng <micro6947@gmail.com>
Subject: [PATCH] qtest/migration: Fix potential NPD through getenv
Date: Fri, 27 Jun 2025 10:42:26 +0800
Message-ID: <20250627024226.1767-1-micro6947@gmail.com>

In `find_common_machine_version`, the code previously assumed that
`getenv(var1)` and `getenv(var2)` would always return non-NULL values.
However, if either environment variable is not set, `getenv` returns
NULL, which could lead to a null pointer dereference.

Tracing upstream usage: `find_common_machine_version` is called by
`resolve_machine_version` with `QEMU_ENV_SRC` and `QEMU_ENV_DST`.
`resolve_machine_version` is used by `migrate_start`, which is called
by `migrate_postcopy_prepare`, and ultimately by `test_postcopy_common`.

In `test_postcopy_common`, after `migrate_postcopy_prepare`, the
function `migrate_postcopy_complete` is called. Inside,
`migration_get_env` checks if `QEMU_ENV_SRC` and `QEMU_ENV_DST` are
set before use. Thus, these variables can be NULL, leading to a
potential null pointer dereference in `find_common_machine_version`.

Signed-off-by: xjdeng <micro6947@gmail.com>
---
tests/qtest/migration/migration-util.c | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/tests/qtest/migration/migration-util.c b/tests/qtest/migration/migration-util.c
index 642cf50c8d..45c9e164e2 100644
--- a/tests/qtest/migration/migration-util.c
+++ b/tests/qtest/migration/migration-util.c
@@ -203,8 +203,25 @@ char *find_common_machine_version(const char *mtype, const char *var1,
return g_strdup(type2);
}
- g_test_message("No common machine version for machine type '%s' between "
- "binaries %s and %s", mtype, getenv(var1), getenv(var2));
+ char *varstring1 = getenv(var1);
+ char *varstring2 = getenv(var2);
+ if (varstring1 && varstring2) {
+ g_test_message("No common machine version for machine type '%s' "
+ "between binaries %s and %s",
+ mtype, varstring1, varstring2);
+ } else if (varstring1) {
+ g_test_message("No common machine version for machine type '%s' "
+ "between binary %s and environment variable %s",
+ mtype, varstring1, var2);
+ } else if (varstring2) {
+ g_test_message("No common machine version for machine type '%s' "
+ "between binary %s and environment variable %s",
+ mtype, varstring2, var1);
+ } else {
+ g_test_message("No common machine version for machine type '%s' "
+ "between environment variables %s and %s",
+ mtype, var1, var2);
+ }
g_assert_not_reached();
}
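
Review bot: The four-way branch on `varstring1`/`varstring2` repeats the same format string with small variations; resolving each value once with a fallback (for example `varstring1 ? varstring1 : "(unset)"`) would keep a single `g_test_message()` call and remove three of the four branches. In the two partial branches the message prints the name of the missing variable (`var2` or `var1`) without saying that it is unset, so the reader cannot tell a binary path from a variable name; the fallback form makes that explicit. The new `char *varstring1` and `char *varstring2` declarations come after the `return g_strdup(type2);` block, mixing declarations with statements, which QEMU's coding style asks to avoid: declare them at the top of the function, and as `const char *` since the `getenv()` result must not be modified. Since `g_assert_not_reached()` follows immediately, this path aborts the test either way, so the commit message could state that the change only makes the diagnostic before the abort safe to print.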
--
2.27.0.windows.1
Thread overview: 4+ messages
2025-06-27 2:42 xjdeng [this message]
2025-06-27 20:52 ` [PATCH] qtest/migration: Fix potential NPD through getenv Fabiano Rosas
2025-06-29 2:20 ` Xingjing Deng
-- strict thread matches above, loose matches on Subject: below --
2025-06-27 3:03 xjdeng