Re: [Qemu-devel] [PATCH] spapr_pci: fix potential NULL pointer dereferen
From: David Gibson
Subject: Re: [Qemu-devel] [PATCH] spapr_pci: fix potential NULL pointer dereference
Date: Mon, 27 Aug 2018 10:43:29 +1000
User-agent: Mutt/1.10.1 (2018-07-13)

On Fri, Aug 24, 2018 at 05:30:04PM +0200, Greg Kurz wrote:
> Commit 2c88b098e76fd added a call to SPAPR_MACHINE_GET_CLASS(spapr) in
> spapr_phb_realize() before we check spapr isn't NULL. This causes QEMU
> to crash when starting a non-pseries machine with a sPAPR PHB.
>
> This could be fixed by setting the smc variable after the null check,
> but it seems more explicit to use a ternary operator to skip the call
> to SPAPR_MACHINE_GET_CLASS() if spapr is NULL, since spapr_phb_realize()
> will return immediately in this case.
>
> This was reported by Coverity (CID 1395170 and 1395183).
>
> Fixes: 2c88b098e76fde0c7fcc0476dd3f80ce58409505
> Signed-off-by: Greg Kurz <address@hidden>
Applied, thanks.
> ---
> hw/ppc/spapr_pci.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
> index 5cd676e4430d..6bcb4f419b6b 100644
> --- a/hw/ppc/spapr_pci.c
> +++ b/hw/ppc/spapr_pci.c
> @@ -1559,7 +1559,7 @@ static void spapr_phb_realize(DeviceState *dev, Error
> **errp)
> sPAPRMachineState *spapr =
> (sPAPRMachineState *) object_dynamic_cast(qdev_get_machine(),
> TYPE_SPAPR_MACHINE);
> - sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(spapr);
> + sPAPRMachineClass *smc = spapr ? SPAPR_MACHINE_GET_CLASS(spapr) : NULL;
> SysBusDevice *s = SYS_BUS_DEVICE(dev);
> sPAPRPHBState *sphb = SPAPR_PCI_HOST_BRIDGE(s);
> PCIHostState *phb = PCI_HOST_BRIDGE(s);
>
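Review bot: At the `smc` initialiser in spapr_phb_realize(), the ternary leaves smc NULL whenever spapr is NULL, so this is only safe as long as nothing dereferences smc before the function's early return for a missing sPAPR machine, and that check is outside the lines shown in this hunk. Declaring `sPAPRMachineClass *smc;` without an initialiser and assigning it right after the spapr NULL check (the alternative the commit message mentions) would keep that dependency in one place. If the ternary stays, a short comment on that line noting that smc is NULL only on the immediate-return path would help the next reader and anyone triaging static-analysis reports.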
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson