[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH for 2.10 21/35] arm/sysbus-fdt: fix null pointer
From: |
Peter Maydell |
Subject: |
Re: [Qemu-devel] [PATCH for 2.10 21/35] arm/sysbus-fdt: fix null pointer dereference |
Date: |
Mon, 24 Jul 2017 22:09:04 +0100 |
On 24 July 2017 at 19:27, Philippe Mathieu-Daudé <address@hidden> wrote:
> Use error_report() + exit() instead of error_setg(&error_fatal).
>
> hw/arm/sysbus-fdt.c:322:9: warning: Array access (from variable 'node_path')
> results in a null pointer dereference
> if (node_path[1]) {
> ^~~~~~~~~~~~
I don't understand what this warning is trying to say.
We can't get to this point with a NULL node_path,
because of the previous conditional, which is using
error_setg(&error_fatal).
> Reported-by: Clang Static Analyzer
> Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
> ---
> hw/arm/sysbus-fdt.c | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/hw/arm/sysbus-fdt.c b/hw/arm/sysbus-fdt.c
> index d68e3dcdbd..ad0cc49b19 100644
> --- a/hw/arm/sysbus-fdt.c
> +++ b/hw/arm/sysbus-fdt.c
> @@ -315,15 +315,14 @@ static int add_amd_xgbe_fdt_node(SysBusDevice *sbdev,
> void *opaque)
> node_path = qemu_fdt_node_path(host_fdt, dt_name, vdev->compat,
> &error_fatal);
> if (!node_path || !node_path[0]) {
> - error_setg(&error_fatal, "%s unable to retrieve node path for %s/%s",
> + error_report("%s unable to retrieve node path for %s/%s",
> __func__, dt_name, vdev->compat);
> - }
> -
> - if (node_path[1]) {
> - error_setg(&error_fatal, "%s more than one node matching %s/%s!",
> + exit(1);
> + } else if (node_path[1]) {
> + error_report("%s more than one node matching %s/%s!",
> __func__, dt_name, vdev->compat);
> + exit(1);
> }
> -
> g_free(dt_name);
This doesn't seem like an improvement. Now the
error handling in the function is an inconsistent
mix of error_report()+exit() and error_setg(&error_fatal).
thanks
-- PMM
- [Qemu-devel] [PATCH for 2.10 13/35] vfio/pci: fix use of freed memory, (continued)
- [Qemu-devel] [PATCH for 2.10 13/35] vfio/pci: fix use of freed memory, Philippe Mathieu-Daudé, 2017/07/24
- [Qemu-devel] [PATCH for 2.10 15/35] usb: correctly handle Zero Length Packets, Philippe Mathieu-Daudé, 2017/07/24
- [Qemu-devel] [PATCH for 2.10 14/35] vfio/ccw: fix incorrect malloc() size, Philippe Mathieu-Daudé, 2017/07/24
- [Qemu-devel] [PATCH for 2.10 16/35] usb/dev-mtp: fix use of uninitialized values, Philippe Mathieu-Daudé, 2017/07/24
- [Qemu-devel] [PATCH for 2.10 17/35] usb/dev-mtp: fix use of uninitialized values, Philippe Mathieu-Daudé, 2017/07/24
- [Qemu-devel] [PATCH for 2.10 18/35] usb/dev-mtp: fix use of uninitialized values, Philippe Mathieu-Daudé, 2017/07/24
- [Qemu-devel] [PATCH for 2.10 19/35] usb/dev-mtp: fix use of uninitialized variable, Philippe Mathieu-Daudé, 2017/07/24
- [Qemu-devel] [PATCH for 2.10 20/35] arm/boot: fix undefined instruction on secondary smp cpu bootloader, Philippe Mathieu-Daudé, 2017/07/24
- [Qemu-devel] [PATCH for 2.10 21/35] arm/sysbus-fdt: fix null pointer dereference, Philippe Mathieu-Daudé, 2017/07/24
[Qemu-devel] [PATCH for 2.10 22/35] arm/vexpress: fix potential memory leak, Philippe Mathieu-Daudé, 2017/07/24
[Qemu-devel] [PATCH for 2.10 23/35] m68k/translate: fix incorrect copy/paste, Philippe Mathieu-Daudé, 2017/07/24