[Qemu-devel] [PATCH 7/8] dump: Fix use-after-free in create_kdump

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH 7/8] dump: Fix use-after-free in create_kdump_vmcore

From:	arei.gonglei
Subject:	[Qemu-devel] [PATCH 7/8] dump: Fix use-after-free in create_kdump_vmcore()
Date:	Tue, 27 May 2014 09:40:04 +0800

From: Gonglei <address@hidden>

Spotted by Coverity:

(7) Event closed_arg:  "write_dump_pages(DumpState *)" closes "s->fd". [details]
Also see events:  [pass_closed_arg]

1490        ret = write_dump_pages(s);
(8) Event cond_false:  Condition "ret < 0", taking false branch

1491        if (ret < 0) {
1492            return -1;
(9) Event if_end:  End of if statement

1493        }
1494
(10) Event pass_closed_arg:  Passing closed handle "s->fd" as an argument to 
function "write_end_flat_header(int)".
Also see events:  [closed_arg]

1495        ret = write_end_flat_header(s->fd);
1496        if (ret < 0) {
1497            dump_error(s, "dump: failed to write end flat header.\n");
1498            return -1;
1499        }
1500
1501        dump_completed(s);
1502
1503        return 0;
1504    }

Signed-off-by: Gonglei <address@hidden>
---
 dump.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dump.c b/dump.c
index e56b7cf..3a704e9 100644
--- a/dump.c
+++ b/dump.c
@@ -1296,6 +1296,7 @@ static int write_dump_pages(DumpState *s)
     /* prepare buffer to store compressed data */
     len_buf_out = get_len_buf_out(s->page_size, s->flag_compress);
     if (len_buf_out == 0) {
+        ret = -1;
         dump_error(s, "dump: failed to get length of output buffer.\n");
         goto out;
     }
-- 
1.7.12.4

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 0/8] Fix some errors spotted by Coverity, arei.gonglei, 2014/05/26
- [Qemu-devel] [PATCH 2/8] vga: Fix divide-by-zero in vga_update_text, arei.gonglei, 2014/05/26
- [Qemu-devel] [PATCH 7/8] dump: Fix use-after-free in create_kdump_vmcore(), arei.gonglei <=
  - Re: [Qemu-devel] [PATCH 7/8] dump: Fix use-after-free in create_kdump_vmcore(), qiaonuohan, 2014/05/26
  - Re: [Qemu-devel] [PATCH 7/8] dump: Fix use-after-free in create_kdump_vmcore(), Laszlo Ersek, 2014/05/27
    - Re: [Qemu-devel] [PATCH 7/8] dump: Fix use-after-free in create_kdump_vmcore(), Luiz Capitulino, 2014/05/27
    - Re: [Qemu-devel] [PATCH 7/8] dump: Fix use-after-free in create_kdump_vmcore(), Gonglei (Arei), 2014/05/28
- [Qemu-devel] [PATCH 3/8] json-parser: fix two coverity defects, arei.gonglei, 2014/05/26
  - Re: [Qemu-devel] [PATCH 3/8] json-parser: fix two coverity defects, Paolo Bonzini, 2014/05/27
    - Re: [Qemu-devel] [PATCH 3/8] json-parser: fix two coverity defects, Gonglei (Arei), 2014/05/28
- [Qemu-devel] [PATCH 6/8] smbus: Fix unreachable code in smb_transaction(), arei.gonglei, 2014/05/26
  - Re: [Qemu-devel] [PATCH 6/8] smbus: Fix unreachable code in smb_transaction(), Paolo Bonzini, 2014/05/27
    - Re: [Qemu-devel] [PATCH 6/8] smbus: Fix unreachable code in smb_transaction(), Gerd Hoffmann, 2014/05/27

Prev by Date: [Qemu-devel] [PATCH 2/8] vga: Fix divide-by-zero in vga_update_text
Next by Date: [Qemu-devel] [PATCH 3/8] json-parser: fix two coverity defects
Previous by thread: [Qemu-devel] [PATCH 2/8] vga: Fix divide-by-zero in vga_update_text
Next by thread: Re: [Qemu-devel] [PATCH 7/8] dump: Fix use-after-free in create_kdump_vmcore()
Index(es):
- Date
- Thread