Re: [Qemu-devel] [PATCH] qapi: fix null pointer dereference on invalid p

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] qapi: fix null pointer dereference on invalid p

From:	Luiz Capitulino
Subject:	Re: [Qemu-devel] [PATCH] qapi: fix null pointer dereference on invalid parameter
Date:	Wed, 7 May 2014 14:39:41 -0400

On Wed, 07 May 2014 18:55:26 +0200
Markus Armbruster <address@hidden> wrote:

> Peter Lieven <address@hidden> writes:
> 
> > On 07.05.2014 05:05, Eric Blake wrote:
> >> On 05/06/2014 06:24 PM, Peter Lieven wrote:
> >>> qemu segfaults if it receives an invalid parameter via a
> >>> qmp command instead of throwing an error.
> >>>
> >>> For example:
> >>> { "execute": "blockdev-add",
> >>>      "arguments": { "options" : { "driver": "invalid-driver" } } }
> >>>
> >>> CC: address@hidden
> >>> Signed-off-by: Peter Lieven <address@hidden>
> >>> ---
> >>>   qapi/qapi-dealloc-visitor.c |    4 +++-
> >>>   1 file changed, 3 insertions(+), 1 deletion(-)
> >> Does this overlap with any of Markus' work? It emphasizes how bad it is
> >> that our visitor interface callbacks are undocumented on what they can
> >> be passed and are expected to return.
> >>
> >> https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg00225.html
> >>
> >>> diff --git a/qapi/qapi-dealloc-visitor.c b/qapi/qapi-dealloc-visitor.c
> >>> index d0ea118..dc53545 100644
> >>> --- a/qapi/qapi-dealloc-visitor.c
> >>> +++ b/qapi/qapi-dealloc-visitor.c
> >>> @@ -131,7 +131,9 @@ static void qapi_dealloc_end_list(Visitor *v, Error 
> >>> **errp)
> >>>   static void qapi_dealloc_type_str(Visitor *v, char **obj, const char 
> >>> *name,
> >>>                                     Error **errp)
> >>>   {
> >>> -    g_free(*obj);
> >>> +    if (obj) {
> >>> +        g_free(*obj);
> >>> +    }
> >>>   }
> >> As for solving a crash,
> >> Reviewed-by: Eric Blake <address@hidden>
> >>
> >> But if Markus' cleanups solve the problem by guaranteeing that the
> >> cleanup visitor is never passed a NULL obj, then this would be a dead
> >> check.  I'm not familiar enough with the rest of the visitor code to
> >> know whether the caller is at fault, or whether other callers or visitor
> >> callbacks have the same bug.
> >>
> >
> >
> > Markus, can you advise please.
> 
> My series doesn't address this problem, and I can in fact reproduce the
> crash with it applied.
> 
> Your fix effectively reverts my commit 25a7017.  Let's turn it into a
> proper revert:

Which means that Peter has to repost as a real revert, right?

Peter, I'd appreciate if you do that shortly. I'd like to include that
fix in my next pull request.

Thanks!

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] qapi: fix null pointer dereference on invalid parameter, Peter Lieven, 2014/05/06
- Re: [Qemu-devel] [PATCH] qapi: fix null pointer dereference on invalid parameter, Eric Blake, 2014/05/06
  - Re: [Qemu-devel] [PATCH] qapi: fix null pointer dereference on invalid parameter, Peter Lieven, 2014/05/07
    - Re: [Qemu-devel] [PATCH] qapi: fix null pointer dereference on invalid parameter, Markus Armbruster, 2014/05/07
    - Re: [Qemu-devel] [PATCH] qapi: fix null pointer dereference on invalid parameter, Luiz Capitulino <=
    - Re: [Qemu-devel] [PATCH] qapi: fix null pointer dereference on invalid parameter, Markus Armbruster, 2014/05/07

Prev by Date: Re: [Qemu-devel] [PULL 00/22] Trivial patches for 2014-05-05
Next by Date: [Qemu-devel] [PATCH v12 4/4] qapi: Add a primitive to include other files from a QAPI schema file
Previous by thread: Re: [Qemu-devel] [PATCH] qapi: fix null pointer dereference on invalid parameter
Next by thread: Re: [Qemu-devel] [PATCH] qapi: fix null pointer dereference on invalid parameter
Index(es):
- Date
- Thread