qemu-devel.nongnu.org archive mirror
* [Qemu-devel] Possible null-ptr dereference
From: mateusz.krzywicki @ 2014-07-26 10:52 UTC (permalink / raw)
  To: qemu-devel@nongnu.org

Hey,
Found a little bug in latest qemu:
In function: static int blk_send_response_one(struct ioreq *ioreq)
File: qemu\hw\block\xen_disk.c
Code:
    default:
        dst = NULL;
    }
    memcpy(dst, &resp, sizeof(resp));

Just add simple check for dst and it will be all cool ;-)
Best regards,
Mateusz Krzywicki


* Re: [Qemu-devel] Possible null-ptr dereference
From: Gonglei (Arei) @ 2014-07-28  6:03 UTC (permalink / raw)
  To: mateusz.krzywicki@windowslive.com, qemu-devel@nongnu.org
  Cc: kwolf@redhat.com, stefanha@redhat.com

Hi,

Should be easy to fix though. Does the following help?

(Cc'ing Stefan & Kevin)

-->
xen_disk:  fix possible null-ptr dereference

Signed-off-by: Gonglei <arei.gonglei@huawei.com>
---
hw/block/xen_disk.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
index aed5b5b..a221d0b 100644
--- a/hw/block/xen_disk.c
+++ b/hw/block/xen_disk.c
@@ -589,6 +589,7 @@ static int blk_send_response_one(struct ioreq *ioreq)
         break;
     default:
         dst = NULL;
+        return 0;
     }
     memcpy(dst, &resp, sizeof(resp));
     blkdev->rings.common.rsp_prod_pvt++;
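Review bot: In the default: branch, the new "return 0;" directly after "dst = NULL;" leaves that assignment as a dead store, because dst is only read by the memcpy() below the switch. Drop the assignment, or, if the branch is meant to be unreachable, replace both lines with an assertion such as g_assert_not_reached(); so an unexpected switch value fails visibly instead of returning without copying the response or advancing rsp_prod_pvt.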
--

Best regards,
-Gonglei

From: qemu-devel-bounces+arei.gonglei=huawei.com@nongnu.org [mailto:qemu-devel-bounces+arei.gonglei=huawei.com@nongnu.org] On Behalf Of mateusz.krzywicki@windowslive.com
Sent: Saturday, July 26, 2014 6:52 PM
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] Possible null-ptr dereference

Hey,

Found a little bug in latest qemu:

In function:
static int blk_send_response_one(struct ioreq *ioreq)

File:
qemu\hw\block\xen_disk.c

Code:

    default:
        dst = NULL;
    }
    memcpy(dst, &resp, sizeof(resp));


Just add simple check for dst and it will be all cool ;-)

Best regards,
Mateusz Krzywicki


* Re: [Qemu-devel] Possible null-ptr dereference
From: mateusz.krzywicki @ 2014-07-28  8:20 UTC (permalink / raw)
  To: Gonglei Arei, qemu-devel@nongnu.org; +Cc: kwolf@redhat.com, stefanha@redhat.com

Hey,

Yup, thanks, task closed ;-)

Best regards,
Mateusz Krzywicki

From: arei.gonglei@huawei.com
To: mateusz.krzywicki@windowslive.com; qemu-devel@nongnu.org
CC: stefanha@redhat.com; kwolf@redhat.com
Subject: RE: [Qemu-devel] Possible null-ptr dereference
Date: Mon, 28 Jul 2014 06:03:45 +0000

Hi,
 
Should be easy to fix though. Does the following help?
 
(Cc’ing Stefan & Kevin)
 
-->
xen_disk:  fix possible null-ptr dereference

 
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
---
hw/block/xen_disk.c | 1 +
1 file changed, 1 insertion(+)
 
diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
index aed5b5b..a221d0b 100644
--- a/hw/block/xen_disk.c
+++ b/hw/block/xen_disk.c
@@ -589,6 +589,7 @@ static int blk_send_response_one(struct ioreq *ioreq)
         break;
     default:
         dst = NULL;
+        return 0;
     }
     memcpy(dst, &resp, sizeof(resp));
     blkdev->rings.common.rsp_prod_pvt++;
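Review bot: The "return 0;" in the default: branch has no stated meaning: the visible lines do not show what blk_send_response_one() returns on its normal path, and the commit message has only a subject line. Say in the commit message when default: can be reached and why 0 is the right value there, and consider a comment on the branch so the early exit is not mistaken for a successful send.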
--
 
Best regards,
-Gonglei

From: qemu-devel-bounces+arei.gonglei=huawei.com@nongnu.org [mailto:qemu-devel-bounces+arei.gonglei=huawei.com@nongnu.org] On Behalf Of mateusz.krzywicki@windowslive.com
Sent: Saturday, July 26, 2014 6:52 PM
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] Possible null-ptr dereference

Hey,

Found a little bug in latest qemu:

In function:
static int blk_send_response_one(struct ioreq *ioreq)

File:
qemu\hw\block\xen_disk.c

Code:

    default:
        dst = NULL;
    }
    memcpy(dst, &resp, sizeof(resp));

Just add simple check for dst and it will be all cool ;-)

Best regards,
Mateusz Krzywicki

* Re: [Qemu-devel] Possible null-ptr dereference
From: Stefan Hajnoczi @ 2014-07-28  9:49 UTC (permalink / raw)
  To: Gonglei (Arei)
  Cc: kwolf@redhat.com, qemu-devel@nongnu.org,
	mateusz.krzywicki@windowslive.com

On Mon, Jul 28, 2014 at 06:03:45AM +0000, Gonglei (Arei) wrote:
> Hi,
> 
> Should be easy to fix though. Does the following help?
> 
> (Cc'ing Stefan & Kevin)
> 
> -->
> xen_disk:  fix possible null-ptr dereference
> 
> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> ---
> hw/block/xen_disk.c | 1 +
> 1 file changed, 1 insertion(+)

This code path can never be reached since protocol is always set to one
of 3 valid values in xen_disk.c.  Therefore, I'm not merging this for
QEMU 2.1 where we are only taking critical bug fixes now.

Still, it will help silence static checkers and make the intent clear to
readers.

Thanks, applied to my block-next tree for QEMU 2.2:
https://github.com/stefanha/qemu/commits/block-next

Stefan


* Re: [Qemu-devel] Possible null-ptr dereference
From: Gonglei (Arei) @ 2014-07-28  9:53 UTC (permalink / raw)
  To: Stefan Hajnoczi
  Cc: kwolf@redhat.com, qemu-devel@nongnu.org,
	mateusz.krzywicki@windowslive.com

> -----Original Message-----
> From: Stefan Hajnoczi [mailto:stefanha@redhat.com]
> Sent: Monday, July 28, 2014 5:49 PM
> To: Gonglei (Arei)
> Cc: mateusz.krzywicki@windowslive.com; qemu-devel@nongnu.org;
> kwolf@redhat.com
> Subject: Re: [Qemu-devel] Possible null-ptr dereference
> 
> On Mon, Jul 28, 2014 at 06:03:45AM +0000, Gonglei (Arei) wrote:
> > Hi,
> >
> > Should be easy to fix though. Does the following help?
> >
> > (Cc'ing Stefan & Kevin)
> >
> > -->
> > xen_disk:  fix possible null-ptr dereference
> >
> > Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> > ---
> > hw/block/xen_disk.c | 1 +
> > 1 file changed, 1 insertion(+)
> 
> This code path can never be reached since protocol is always set to one
> of 3 valid values in xen_disk.c.  Therefore, I'm not merging this for
> QEMU 2.1 where we are only taking critical bug fixes now.
> 
OK.

> Still, it will help silence static checkers and make the intent clear to
> readers.
> 
> Thanks, applied to my block-next tree for QEMU 2.2:
> https://github.com/stefanha/qemu/commits/block-next
> 
Thanks.

Best regards,
-Gonglei


* Re: [Qemu-devel] Possible null-ptr dereference
From: Peter Maydell @ 2014-07-28 10:01 UTC (permalink / raw)
  To: Stefan Hajnoczi
  Cc: kwolf@redhat.com, Gonglei (Arei), qemu-devel@nongnu.org,
	mateusz.krzywicki@windowslive.com

On 28 July 2014 10:49, Stefan Hajnoczi <stefanha@redhat.com> wrote:
> On Mon, Jul 28, 2014 at 06:03:45AM +0000, Gonglei (Arei) wrote:
>> Hi,
>>
>> Should be easy to fix though. Does the following help?
>>
>> (Cc'ing Stefan & Kevin)
>>
>> -->
>> xen_disk:  fix possible null-ptr dereference
>>
>> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
>> ---
>> hw/block/xen_disk.c | 1 +
>> 1 file changed, 1 insertion(+)
>
> This code path can never be reached since protocol is always set to one
> of 3 valid values in xen_disk.c.

Maybe g_assert_not_reached(); ?

thanks
-- PMM
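
The two ways of handling the default: branch discussed in this thread (the patch's early return and the assertion suggested in the last reply), as an added example that is not part of the original messages or QEMU's code. The types, ring_slot(), send_response(), its strict flag and its return convention are simplified, hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-ins; not QEMU's real definitions. */
enum proto { PROTO_NATIVE, PROTO_X86_32, PROTO_X86_64 };
struct resp { unsigned long id; int status; };
struct ring {
    enum proto protocol;
    struct resp native[4], x86_32[4], x86_64[4];
    unsigned rsp_prod_pvt;              /* private producer index */
};

/* Pick the response slot for the ring's protocol; NULL if unknown. */
static struct resp *ring_slot(struct ring *r)
{
    unsigned i = r->rsp_prod_pvt % 4;
    switch (r->protocol) {
    case PROTO_NATIVE: return &r->native[i];
    case PROTO_X86_32: return &r->x86_32[i];
    case PROTO_X86_64: return &r->x86_64[i];
    default:           return NULL;
    }
}

/* Returns 1 if a response was queued, 0 if nothing was written
 * (return convention assumed for this example). */
int send_response(struct ring *r, const struct resp *resp, int strict)
{
    struct resp *dst = ring_slot(r);
    if (dst == NULL) {
        if (strict) abort();            /* plain-C stand-in for g_assert_not_reached() */
        return 0;                       /* early return: no memcpy, index untouched */
    }
    memcpy(dst, resp, sizeof(*resp));
    r->rsp_prod_pvt++;
    return 1;
}

int main(void)
{
    struct ring r = { .protocol = (enum proto)7 };  /* constructed invalid value */
    struct resp ok = { 42, 0 };
    int queued = send_response(&r, &ok, 0);
    printf("queued=%d rsp_prod_pvt=%u\n", queued, r.rsp_prod_pvt);
    return 0;
}
```

With strict set, the same invalid value aborts the process instead of returning, which is the trade-off between the two suggestions.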
