[PULL 09/18] block/export: Fix null pointer dereference in error path

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 09/18] block/export: Fix null pointer dereference in error path

From:	Kevin Wolf
Subject:	[PULL 09/18] block/export: Fix null pointer dereference in error path
Date:	Wed, 17 May 2023 18:51:07 +0200

There are some error paths in blk_exp_add() that jump to 'fail:' before
'exp' is even created. So we can't just unconditionally access exp->blk.

Add a NULL check, and switch from exp->blk to blk, which is available
earlier, just to be extra sure that we really cover all cases where
BlockDevOps could have been set for it (in practice, this only happens
in drv->create() today, so this part of the change isn't strictly
necessary).

Fixes: Coverity CID 1509238
Fixes: de79b52604e43fdeba6cee4f5af600b62169f2d2
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20230510203601.418015-3-kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/export/export.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/block/export/export.c b/block/export/export.c
index 62c7c22d45..a5c8f42f53 100644
--- a/block/export/export.c
+++ b/block/export/export.c
@@ -192,8 +192,10 @@ BlockExport *blk_exp_add(BlockExportOptions *export, Error 
**errp)
     return exp;
 
 fail:
-    blk_set_dev_ops(exp->blk, NULL, NULL);
-    blk_unref(blk);
+    if (blk) {
+        blk_set_dev_ops(blk, NULL, NULL);
+        blk_unref(blk);
+    }
     aio_context_release(ctx);
     if (exp) {
         g_free(exp->id);
-- 
2.40.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 00/18] Block layer patches, Kevin Wolf, 2023/05/17
- [PULL 01/18] blockdev: refactor transaction to use Transaction API, Kevin Wolf, 2023/05/17
- [PULL 02/18] blockdev: transactions: rename some things, Kevin Wolf, 2023/05/17
- [PULL 03/18] blockdev: qmp_transaction: refactor loop to classic for, Kevin Wolf, 2023/05/17
- [PULL 07/18] docs/interop/qcow2.txt: fix description about "zlib" clusters, Kevin Wolf, 2023/05/17
- [PULL 05/18] blockdev: use state.bitmap in block-dirty-bitmap-add action, Kevin Wolf, 2023/05/17
- [PULL 04/18] blockdev: transaction: refactor handling transaction properties, Kevin Wolf, 2023/05/17
- [PULL 06/18] blockdev: qmp_transaction: drop extra generic layer, Kevin Wolf, 2023/05/17
- [PULL 08/18] block: Call .bdrv_co_create(_opts) unlocked, Kevin Wolf, 2023/05/17
- [PULL 10/18] qcow2: Unlock the graph in qcow2_do_open() where necessary, Kevin Wolf, 2023/05/17
- [PULL 09/18] block/export: Fix null pointer dereference in error path, Kevin Wolf <=
- [PULL 12/18] test-bdrv-drain: Take graph lock more selectively, Kevin Wolf, 2023/05/17
- [PULL 11/18] qemu-img: Take graph lock more selectively, Kevin Wolf, 2023/05/17
- [PULL 14/18] blockjob: Adhere to rate limit even when reentered early, Kevin Wolf, 2023/05/17
- [PULL 16/18] iotests/245: Check if 'compress' driver is available, Kevin Wolf, 2023/05/17
- [PULL 17/18] aio-posix: do not nest poll handlers, Kevin Wolf, 2023/05/17
  - Re: [PULL 17/18] aio-posix: do not nest poll handlers, Michael Tokarev, 2023/05/18
    - Re: [PULL 17/18] aio-posix: do not nest poll handlers, Stefan Hajnoczi, 2023/05/18
- [PULL 15/18] graph-lock: Honour read locks even in the main thread, Kevin Wolf, 2023/05/17
- [PULL 18/18] tested: add test for nested aio_poll() in poll handlers, Kevin Wolf, 2023/05/17
  - Re: [PULL 18/18] tested: add test for nested aio_poll() in poll handlers, Richard Henderson, 2023/05/17

Prev by Date: [PULL 10/18] qcow2: Unlock the graph in qcow2_do_open() where necessary
Next by Date: [PULL 12/18] test-bdrv-drain: Take graph lock more selectively
Previous by thread: [PULL 10/18] qcow2: Unlock the graph in qcow2_do_open() where necessary
Next by thread: [PULL 12/18] test-bdrv-drain: Take graph lock more selectively
Index(es):
- Date
- Thread