From: Peter Maydell
Date: Sat, 19 May 2012 16:46:44 +0100
To: Jim Meyering
Cc: Anthony Liguori, Jim Meyering, qemu-devel@nongnu.org, Stefan Weil, Andreas Färber, Matthew Fernandez
Subject: Re: [Qemu-devel] [PATCH 6/6] softmmu-semi: fix lock_user* functions not to deref NULL upon OOM
In-Reply-To: <1337173681-25891-7-git-send-email-jim@meyering.net>
References: <1337173681-25891-1-git-send-email-jim@meyering.net> <1337173681-25891-7-git-send-email-jim@meyering.net>

On 16 May 2012 14:08, Jim Meyering wrote:
> From: Jim Meyering
>
> Use g_malloc/g_free in place of malloc/free.
>
> Signed-off-by: Jim Meyering
> ---
>  softmmu-semi.h | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/softmmu-semi.h b/softmmu-semi.h
> index 648cb95..996e0f7 100644
> --- a/softmmu-semi.h
> +++ b/softmmu-semi.h
> @@ -39,7 +39,7 @@ static void *softmmu_lock_user(CPUArchState *env, uint32_t addr, uint32_t len,
>  {
>      uint8_t *p;
>      /* TODO: Make this something that isn't fixed size.  */
> -    p = malloc(len);
> +    p = g_malloc(len);
>      if (copy)
>          cpu_memory_rw_debug(env, addr, p, len, 0);
>      return p;

Nak. This function is called with a length passed from the guest, so
killing qemu if the length is too large is a bad idea. The callers
should handle it returning NULL on failure. (Most of them do already,
if any do not that's a bug.) The bug in this function is passing NULL
to cpu_memory_rw_debug().

-- PMM
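Review bot: in the softmmu_lock_user hunk, `len` is supplied by the guest (as the reply states), so changing `p = malloc(len);` to `p = g_malloc(len);` turns a recoverable allocation failure into a process abort that an oversized guest length can trigger, while the actual defect, reaching `cpu_memory_rw_debug(env, addr, p, len, 0)` with `p == NULL`, is untouched. Suggest allocating with `g_try_malloc(len)` (which, like malloc, returns NULL on failure instead of aborting) and adding `if (!p) return NULL;` before the `if (copy)` line, so the callers that already handle a NULL return keep working and the NULL is never passed on to cpu_memory_rw_debug().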
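The two failure modes the reply points at, a guest-chosen `len` whose allocation can fail and a NULL `p` then handed to `cpu_memory_rw_debug()`, as an added example that is not QEMU's code and not part of the patch or the reply. Guest memory is a constructed 64-byte array; `cpu_memory_rw_debug()` is a simplified stand-in for QEMU's function (no `env` argument, bounds-checked against that array); the allocator is passed in as a function pointer, an assumption made so that a failed allocation can be exercised without exhausting memory; `sum_guest_bytes()` is a hypothetical caller in the style of the semihosting helpers; and plain `malloc`/`free` stand in for GLib's `g_try_malloc`/`g_free`.

```c
/*
 * Added example, not QEMU code: a self-contained model of the
 * softmmu_lock_user()/softmmu_unlock_user() pattern from the patch, with
 * the NULL handling the reply asks for. Guest memory, the allocator hook
 * and the caller are assumptions made for this example.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUEST_RAM_SIZE 64u

/* Constructed sample guest memory; filled by init_guest_ram(). */
static uint8_t guest_ram[GUEST_RAM_SIZE];

static void init_guest_ram(void)
{
    for (unsigned i = 0; i < GUEST_RAM_SIZE; i++) {
        guest_ram[i] = (uint8_t)i;   /* bytes 0,1,2,... so sums are easy to check */
    }
}

/* Simplified stand-in for QEMU's cpu_memory_rw_debug(): copies len bytes
 * at guest address addr from/to buf. Returns 0 on success and -1 if the
 * range is not inside guest memory (the check is written so addr + len
 * cannot overflow). */
static int cpu_memory_rw_debug(uint32_t addr, uint8_t *buf, uint32_t len, int is_write)
{
    if (addr > GUEST_RAM_SIZE || len > GUEST_RAM_SIZE - addr) {
        return -1;
    }
    if (is_write) {
        memcpy(guest_ram + addr, buf, len);
    } else {
        memcpy(buf, guest_ram + addr, len);
    }
    return 0;
}

/* Allocator hook (an assumption for this example) so a failed allocation
 * can be exercised. In QEMU the non-aborting allocator is g_try_malloc();
 * g_malloc() aborts the whole process on failure, which is what makes the
 * patch's change dangerous with a guest-supplied length. */
typedef void *(*alloc_fn)(size_t);

static void *failing_alloc(size_t n)
{
    (void)n;
    return NULL;
}

/* Hardened lock_user: len comes from the guest, so the allocation may fail
 * and the guest range may be invalid. Both cases return NULL to the caller;
 * p is never passed to cpu_memory_rw_debug() when it is NULL. */
static uint8_t *softmmu_lock_user(alloc_fn alloc, uint32_t addr, uint32_t len, int copy)
{
    uint8_t *p = alloc(len ? len : 1);   /* malloc(0) may legitimately return NULL */
    if (p == NULL) {
        return NULL;
    }
    if (copy && cpu_memory_rw_debug(addr, p, len, 0) < 0) {
        free(p);
        return NULL;
    }
    return p;
}

/* Write the buffer back to the guest if requested, then free it.
 * Accepts NULL so callers can unlock unconditionally on error paths. */
static void softmmu_unlock_user(uint8_t *p, uint32_t addr, uint32_t len, int write_back)
{
    if (p == NULL) {
        return;
    }
    if (write_back) {
        cpu_memory_rw_debug(addr, p, len, 1);
    }
    free(p);
}

/* Hypothetical caller in the style of the semihosting helpers: sums len
 * guest bytes starting at addr; returns -1 if the buffer could not be locked. */
static long sum_guest_bytes(alloc_fn alloc, uint32_t addr, uint32_t len)
{
    uint8_t *p = softmmu_lock_user(alloc, addr, len, 1);
    long sum = 0;

    if (p == NULL) {
        return -1;
    }
    for (uint32_t i = 0; i < len; i++) {
        sum += p[i];
    }
    softmmu_unlock_user(p, addr, len, 0);
    return sum;
}

int main(void)
{
    init_guest_ram();
    printf("bytes 0..3:      %ld\n", sum_guest_bytes(malloc, 0, 4));
    printf("alloc failure:   %ld\n", sum_guest_bytes(failing_alloc, 0, 4));
    printf("out of range:    %ld\n", sum_guest_bytes(malloc, 60, 8));
    printf("huge guest addr: %ld\n", sum_guest_bytes(malloc, 0xffffffffu, 1));
    return 0;
}
```

The point is the two NULL returns in `softmmu_lock_user()`: with `g_malloc()` the first one would never be reached, because GLib aborts the process when allocation fails, which is exactly the guest-triggerable kill the reply objects to; with an allocator that can fail, the caller sees -1 instead of a crash, and the invalid-range case is handled the same way rather than copying from a bad guest address.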