[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 084/113] console: Avoid segfault in screendump
From: |
Michael Roth |
Subject: |
[Qemu-devel] [PATCH 084/113] console: Avoid segfault in screendump |
Date: |
Mon, 18 Jun 2018 20:42:50 -0500 |
From: Michal Privoznik <address@hidden>
After f771c5440e04626f1 it is possible to select device and
head which to take screendump from. And even though we check if
provided head number falls within range, it may still happen that
the console has no surface yet leading to SIGSEGV:
qemu.git $ ./x86_64-softmmu/qemu-system-x86_64 \
-qmp stdio \
-device virtio-vga,id=video0,max_outputs=4
{"execute":"qmp_capabilities"}
{"execute":"screendump", "arguments":{"filename":"/tmp/screen.ppm",
"device":"video0", "head":1}}
Segmentation fault
#0 0x00005628249dda88 in ppm_save (filename=0x56282826cbc0 "/tmp/screen.ppm",
ds=0x0, errp=0x7fff52a6fae0) at ui/console.c:304
#1 0x00005628249ddd9b in qmp_screendump (filename=0x56282826cbc0
"/tmp/screen.ppm", has_device=true, device=0x5628276902d0 "video0",
has_head=true, head=1, errp=0x7fff52a6fae0) at ui/console.c:375
#2 0x00005628247740df in qmp_marshal_screendump (args=0x562828265e00,
ret=0x7fff52a6fb68, errp=0x7fff52a6fb60) at qapi/qapi-commands-ui.c:110
Here, @ds from frame #0 (or @surface from frame #1) is
dereferenced at the very beginning of ppm_save(). And because
it's NULL crash happens.
Signed-off-by: Michal Privoznik <address@hidden>
Reviewed-by: Thomas Huth <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit 08d9864fa4e0c616e076ca8b225d39a7ecb189af)
Signed-off-by: Michael Roth <address@hidden>
---
ui/console.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/ui/console.c b/ui/console.c
index c4c95abed7..96272b5c45 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -354,6 +354,11 @@ void qmp_screendump(const char *filename, Error **errp)
graphic_hw_update(con);
surface = qemu_console_surface(con);
+ if (!surface) {
+ error_setg(errp, "no surface");
+ return;
+ }
+
ppm_save(filename, surface, errp);
}
--
2.11.0
- [Qemu-devel] [PATCH 075/113] lm32: take BQL before writing IP/IM register, (continued)
- [Qemu-devel] [PATCH 075/113] lm32: take BQL before writing IP/IM register, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 078/113] pc-bios/s390-ccw: struct tpi_info must be declared as aligned(4), Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 079/113] qdev: rename typedef qdev_resetfn() -> DeviceReset(), Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 077/113] s390x/css: disabled subchannels cannot be status pending, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 076/113] raw: Check byte range uniformly, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 080/113] qdev: add helpers to be more explicit when using abstract QOM parent functions, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 007/113] spapr: Adjust default VSMT value for better migration compatibility, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 081/113] s390x/virtio: Convert virtio-ccw from *_exit to *_unrealize, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 082/113] virtio-ccw: common reset handler, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 083/113] s390x/ccw: make sure all ccw devices are properly reset, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 084/113] console: Avoid segfault in screendump,
Michael Roth <=
- [Qemu-devel] [PATCH 085/113] hw/intc/arm_gicv3: Fix APxR<n> register dispatching, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 088/113] intel-iommu: send PSI always even if across PDEs, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 087/113] intel-iommu: Extend address width to 48 bits, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 086/113] intel-iommu: Redefine macros to enable supporting 48 bit address width, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 089/113] intel-iommu: remove IntelIOMMUNotifierNode, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 008/113] spapr: set vsmt to MAX(8, smp_threads), Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 090/113] intel-iommu: add iommu lock, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 092/113] intel-iommu: introduce vtd_page_walk_info, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 093/113] intel-iommu: pass in address space when page walk, Michael Roth, 2018/06/18
- [Qemu-devel] [PATCH 094/113] intel-iommu: trace domain id during page walk, Michael Roth, 2018/06/18