qemu-devel

Re: [Qemu-devel] [PULL 3/4] usb-mtp: prevent null dereference while dele


From: Peter Maydell
Subject: Re: [Qemu-devel] [PULL 3/4] usb-mtp: prevent null dereference while deleting objects
Date: Sat, 9 Mar 2019 14:08:36 +0000

On Fri, 8 Mar 2019 at 19:46, Bandan Das <address@hidden> wrote:
> This is very broken! I think something like this should work:
> diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
> index 06e376bcd2..87a4bfb415 100644
> --- a/hw/usb/dev-mtp.c
> +++ b/hw/usb/dev-mtp.c
> @@ -1138,8 +1138,8 @@ static MTPData *usb_mtp_get_object_prop_value(MTPState 
> *s, MTPControl *c,
>  /* Return correct return code for a delete event */
>  enum {
>      ALL_DELETE,
> -    PARTIAL_DELETE,
>      READ_ONLY,
> +    PARTIAL_DELETE,
>  };
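
Review bot: the enum in this hunk still has no explicit values, so after the reorder ALL_DELETE is 0, READ_ONLY is 1 and PARTIAL_DELETE is 2, which works as a set of distinct return codes but not as flags. If the values are going to be combined with `|=`, give each one its own bit (for example `ALL_DELETE = 1 << 0`) and extend the comment above the enum to say they are flags.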

This is defining these values as an incrementing series...


>      if (o->format == FMT_UNDEFINED_OBJECT) {
>          if (remove(o->path)) {
> -            partial_delete = true;
> +            ret |= READ_ONLY;
>          } else {
>              usb_mtp_object_free_one(s, o);
> -            success = true;
> +            ret |= ALL_DELETE;
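
Review bot: in the `remove(o->path)` failure branch, every error is recorded as READ_ONLY without looking at errno, so a delete that fails for some other reason is reported as a read-only object. Either check errno before choosing READ_ONLY or record a more general failure value there. In the else branch, `ret |= ALL_DELETE;` leaves ret unchanged because ALL_DELETE is the first enumerator and therefore 0, so a successful delete cannot be distinguished from no delete having been attempted.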

...but here we're using them as bits which we OR together.
In particular ALL_DELETE is 0, so ORing it in will
do nothing.

thanks
-- PMM


