From: Christian Schoenebeck <qemu_oss@crudebyte.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
Akihiko Odaki <akihiko.odaki@gmail.com>,
Gerd Hoffmann <kraxel@redhat.com>
Subject: Re: [PATCH] ui/gtk: fix NULL pointer dereference
Date: Mon, 08 Mar 2021 15:03:33 +0100 [thread overview]
Message-ID: <2083224.5eVbfnxiYP@silver> (raw)
In-Reply-To: <CAFEAcA-36A9RAB3eqi6-SHJSUxpzJsgVo75d3DZXcWhGYwLhrw@mail.gmail.com>
On Montag, 8. März 2021 14:37:44 CET Peter Maydell wrote:
> On Mon, 8 Mar 2021 at 13:32, Christian Schoenebeck
>
> <qemu_oss@crudebyte.com> wrote:
> > On Montag, 8. März 2021 12:31:33 CET Akihiko Odaki wrote:
> > > 2021年3月8日(月) 19:39 Christian Schoenebeck <qemu_oss@crudebyte.com>:
> > > > This was just about silencing the mentioned automated Coverity defects
> > > > report. If you have a better solution, then just ignore this patch.
> > > >
> > > > Best regards,
> > > > Christian Schoenebeck
> > >
> > > I do not have an access to Coverity defects report. I'd appreciate the
> > > details if you provide one. I suspect I made a mistake somewhere else
> > > ui/gtk.c in c821a58ee7 ("ui/console: Pass placeholder surface to
> > > display").
> >
> > Unfortunately Coverity's defects reports are not very verbose.
>
> The online defect viewer is a bit better for showing why it thought
> something was an issue. In this case we have at the top of the function:
Ah, good to know. Actually never looked into the online viewer. Thanks Peter!
> trace_gd_switch(vc->label,
> surface ? surface_width(surface) : 0,
> surface ? surface_height(surface) : 0);
>
> which tests whether surface is NULL, implying that sometimes it is.
>
> Then later we have:
> if (vc->gfx.ds && surface &&
>
> also checking surface for NULL-ness.
>
> Finally we have:
> if (surface->format == PIXMAN_x8r8g8b8) {
>
> which dereferences surface without checking if it's NULL.
>
> So there is definitely a bug here:
> (1) either surface can never be NULL, and all the places where
> the function is testing for NULL-ness are wrong and need to be removed
> (2) or surface can be NULL, and we should check here too
>
> Coverity can't tell us which of the two possibilities is right, of course.
BTW, there is __nonnull supported by clang, e.g.:
static void foo(void *__nonnull p) {
...
}
Maybe as an optionally defined macro (if supported by compiler) this could be
a useful tool for such intended nonnull designs, as it immediately emits
compiler errors.
Best regards,
Christian Schoenebeck
next prev parent reply other threads:[~2021-03-08 14:11 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-07 19:38 [PATCH] ui/gtk: fix NULL pointer dereference Christian Schoenebeck
2021-03-08 3:45 ` Akihiko Odaki
2021-03-08 10:39 ` Christian Schoenebeck
2021-03-08 11:31 ` Akihiko Odaki
2021-03-08 12:42 ` Christian Schoenebeck
2021-03-08 13:21 ` Akihiko Odaki
2021-03-08 13:37 ` Peter Maydell
2021-03-08 13:57 ` Akihiko Odaki
2021-03-08 14:03 ` Christian Schoenebeck [this message]
2021-03-08 14:17 ` Akihiko Odaki
2021-03-08 14:30 ` Philippe Mathieu-Daudé
2021-03-08 14:57 ` Christian Schoenebeck
2021-03-09 4:20 ` Akihiko Odaki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2083224.5eVbfnxiYP@silver \
--to=qemu_oss@crudebyte.com \
--cc=akihiko.odaki@gmail.com \
--cc=kraxel@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).