* [Qemu-devel] [PATCH] opts: fix NULL pointer dereference in get_opt_value
From: Mike Krinkin @ 2018-07-16 17:41 UTC
To: qemu-devel; +Cc: armbru, berrange, pbonzini, qemu-trivial, Mike Krinkin
The value argument can be NULL, for example, in hw/i386/multiboot.c
in the load_multiboot function get_opt_value is explicitly called
with NULL as the second argument.

The problem was introduced in commit 950c4e6c94b1 ("opts: don't
silently truncate long option values"). This change fixes the
problem by adding a check whether the value is NULL or not.

Signed-off-by: Mike Krinkin <krinkin.m.u@gmail.com>
---
util/qemu-option.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/util/qemu-option.c b/util/qemu-option.c
index 19761e3eaf..834217fc75 100644
--- a/util/qemu-option.c
+++ b/util/qemu-option.c
@@ -75,7 +75,9 @@ const char *get_opt_value(const char *p, char **value)
size_t capacity = 0, length;
const char *offset;
- *value = NULL;
+ if (value) {
+ *value = NULL;
+ }
while (1) {
offset = qemu_strchrnul(p, ',');
length = offset - p;
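Review bot: the new `if (value)` guard at the top of get_opt_value covers only the initial `*value = NULL`, and the hunk does not show whether the loop starting at `while (1)` also writes through `value`. Since the commit message says callers such as load_multiboot pass NULL deliberately, every later dereference of `value` in this function needs the same check, otherwise the NULL path still crashes further down. Please also add a comment above get_opt_value stating that `value` may be NULL, so the contract is visible to future callers.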
--
2.17.1
* Re: [Qemu-devel] [PATCH] opts: fix NULL pointer dereference in get_opt_value
From: Daniel P. Berrange @ 2018-07-16 18:47 UTC
To: Mike Krinkin; +Cc: qemu-devel, armbru, pbonzini, qemu-trivial
On Mon, Jul 16, 2018 at 06:41:46PM +0100, Mike Krinkin wrote:
> The value argument can be NULL, for example, in hw/i386/multiboot.c
> in the load_multiboot function get_opt_value is explicitly called
> with NULL as the second argument.
>
> The problem was introduced in commit 950c4e6c94b1 ("opts: don't
> silently truncate long option values"). This change fixes the
> problem by adding a check whether the value is NULL or not.
>
> Signed-off-by: Mike Krinkin <krinkin.m.u@gmail.com>
> ---
> util/qemu-option.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
This problem is fixed in this:
https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01490.html
but it is still waiting for i386 maintainers to respond....
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
* Re: [Qemu-devel] [PATCH] opts: fix NULL pointer dereference in get_opt_value
From: Mike Krinkin @ 2018-07-16 18:50 UTC
To: berrange; +Cc: qemu-devel, armbru, Paolo Bonzini, qemu-trivial
On Mon, Jul 16, 2018 at 7:47 PM Daniel P. Berrange <berrange@redhat.com>
wrote:
> On Mon, Jul 16, 2018 at 06:41:46PM +0100, Mike Krinkin wrote:
> > The value argument can be NULL, for example, in hw/i386/multiboot.c
> > in the load_multiboot function get_opt_value is explicitly called
> > with NULL as the second argument.
> >
> > The problem was introduced in commit 950c4e6c94b1 ("opts: don't
> > silently truncate long option values"). This change fixes the
> > problem by adding a check whether the value is NULL or not.
> >
> > Signed-off-by: Mike Krinkin <krinkin.m.u@gmail.com>
> > ---
> > util/qemu-option.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
>
> This problem is fixed in this:
>
> https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01490.html
>
> but it is still waiting for i386 maintainers to respond....
>
Thanks for the update, I searched through the archive briefly but didn't
find this fix, sorry for the noise and please ignore this patch.
>
> Regards,
> Daniel
> --
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/
> :|
> |: http://libvirt.org -o- http://virt-manager.org
> :|
> |: http://entangle-photo.org -o- http://search.cpan.org/~danberr/
> :|
>
* Re: [Qemu-devel] [PATCH] opts: fix NULL pointer dereference in get_opt_value
From: Paolo Bonzini @ 2018-07-17 10:36 UTC
To: Daniel P. Berrange, Mike Krinkin; +Cc: qemu-devel, armbru, qemu-trivial
On 16/07/2018 20:47, Daniel P. Berrange wrote:
> On Mon, Jul 16, 2018 at 06:41:46PM +0100, Mike Krinkin wrote:
>> The value argument can be NULL, for example, in hw/i386/multiboot.c
>> in the load_multiboot function get_opt_value is explicitly called
>> with NULL as the second argument.
>>
>> The problem was introduced in commit 950c4e6c94b1 ("opts: don't
>> silently truncate long option values"). This change fixes the
>> problem by adding a check whether the value is NULL or not.
>>
>> Signed-off-by: Mike Krinkin <krinkin.m.u@gmail.com>
>> ---
>> util/qemu-option.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> This problem is fixed in this:
>
> https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01490.html
>
> but it is still waiting for i386 maintainers to respond....
Generally Kevin has looked at multiboot patches, but I'll merge these
ones because he's on vacation. Thanks,
Paolo