Re: [PATCH 2/6] block/mirror: fix use after free of local_err

[Eric Blake]

On 3/25/20 6:11 AM, Max Reitz wrote:
> On 24.03.20 16:36, Vladimir Sementsov-Ogievskiy wrote:
> > local_err is used again in mirror_exit_common() after
> > bdrv_set_backing_hd(), so we must zero it. Otherwise try to set
> > non-NULL local_err will crash.
>
> OK, but wouldn’t it be better hygiene to set it to NULL every time it is
> freed?

If we change the signature to error_report_err(&local_err), where 
error_report_err both reports the error (if any) AND sets local_err to 
NULL, then we fix the problem for all callers.  It's a global 
search-and-replace job (Coccinelle is great for that) to update all 
callers to the new signature.

>  (There is a second instance of error_report_err() in this
> function.  I’m a bit worried we might introduce another local_err use
> after that one at some point in the future, and forget to run the cocci
> script then.)
>
> Are the cocci scripts run regularly by someone?  E.g. as part of a pull
> to master?

I'm not aware of any automated procedure for it at the moment; rather, 
it is still ad hoc as someone notices something needs to be re-run.  But 
there was another thread about someone considering automating Cocci 
scripts as part of the Euler robot...

--
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org