Re: [PATCH 2/8] block/export: Fix null pointer dereference in error path
From: Eric Blake
Subject: Re: [PATCH 2/8] block/export: Fix null pointer dereference in error path
Date: Fri, 12 May 2023 11:16:03 -0500
User-agent: NeoMutt/20230512
On Wed, May 10, 2023 at 10:35:55PM +0200, Kevin Wolf wrote:
>
> There are some error paths in blk_exp_add() that jump to 'fail:' before
> 'exp' is even created. So we can't just unconditionally access exp->blk.
>
> Add a NULL check, and switch from exp->blk to blk, which is available
> earlier, just to be extra sure that we really cover all cases where
> BlockDevOps could have been set for it (in practice, this only happens
> in drv->create() today, so this part of the change isn't strictly
> necessary).
>
> Fixes: de79b52604e43fdeba6cee4f5af600b62169f2d2
Sorry for missing that on my first review, and this does look better.
I'm assuming you plan to take this in with the rest of the series
through your tree, but let me know if I should push it faster through
the NBD tree.
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> block/export/export.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
Reviewed-by: Eric Blake <eblake@redhat.com>
>
> diff --git a/block/export/export.c b/block/export/export.c
> index 62c7c22d45..a5c8f42f53 100644
> --- a/block/export/export.c
> +++ b/block/export/export.c
> @@ -192,8 +192,10 @@ BlockExport *blk_exp_add(BlockExportOptions *export,
> Error **errp)
> return exp;
>
> fail:
> - blk_set_dev_ops(exp->blk, NULL, NULL);
> - blk_unref(blk);
> + if (blk) {
> + blk_set_dev_ops(blk, NULL, NULL);
> + blk_unref(blk);
> + }
> aio_context_release(ctx);
> if (exp) {
> g_free(exp->id);
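Review bot: The new `if (blk)` guard in the `fail:` path is only safe if `blk` is initialised to NULL before the first `goto fail`, and that declaration is outside this hunk, so it should be confirmed (the same holds for `exp` in the existing `if (exp)` check). `aio_context_release(ctx)` directly below stays unconditional, so every jump to `fail:` must also happen with `ctx` already acquired. A one-line comment above the guard noting that `exp` may still be NULL here would keep a later cleanup from reverting to `exp->blk`.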
> --
> 2.40.1
>
>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
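
The failure mode described in the quoted commit message, as an added C illustration that is not QEMU code and not part of the original mail: a shared `fail:` label reached at different stages of construction, with a fault-injection parameter so each stage can be exercised. All names (`Blk`, `Export`, `export_add_model`, `fail_stage`, the `live_*` counters) are hypothetical stand-ins.

```c
/* Added illustration with simplified stand-in types; not QEMU code. */
#include <stdlib.h>

typedef struct Blk { int refcnt; const void *dev_ops; } Blk;
typedef struct Export { Blk *blk; } Export;

static int live_blks;     /* backends currently allocated */
static int live_exports;  /* exports currently allocated */

static Blk *blk_new_model(void) {
    Blk *b = calloc(1, sizeof(*b));
    if (b) { b->refcnt = 1; live_blks++; }
    return b;
}

static void blk_unref_model(Blk *b) {
    if (b && --b->refcnt == 0) { free(b); live_blks--; }
}

/* fail_stage: 0 = succeed, 1 = fail before blk exists,
 * 2 = fail after blk but before exp, 3 = fail after exp exists. */
Export *export_add_model(int fail_stage) {
    static const int ops = 1;   /* placeholder for a dev-ops table */
    Blk *blk = NULL;            /* must start NULL for the guard to work */
    Export *exp = NULL;         /* likewise: fail: may run before creation */

    if (fail_stage == 1) goto fail;
    blk = blk_new_model();
    if (!blk || fail_stage == 2) goto fail;
    exp = calloc(1, sizeof(*exp));
    if (!exp) goto fail;
    live_exports++;
    exp->blk = blk;
    blk->dev_ops = &ops;        /* models ops being set during creation */
    if (fail_stage == 3) goto fail;
    return exp;

fail:
    if (blk) {                  /* test blk itself, never exp->blk */
        blk->dev_ops = NULL;
        blk_unref_model(blk);
    }
    if (exp) { free(exp); live_exports--; }
    return NULL;
}
```

Replacing the guarded block with an unconditional `exp->blk` access reproduces the crash for stages 1 and 2, which is why each stage needs its own test case.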