[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PULL 3/4] usb-mtp: prevent null dereference while dele
From: |
Peter Maydell |
Subject: |
Re: [Qemu-devel] [PULL 3/4] usb-mtp: prevent null dereference while deleting objects |
Date: |
Sat, 9 Mar 2019 14:08:36 +0000 |
On Fri, 8 Mar 2019 at 19:46, Bandan Das <address@hidden> wrote:
> This is very broken! I think something like this should work:
> diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
> index 06e376bcd2..87a4bfb415 100644
> --- a/hw/usb/dev-mtp.c
> +++ b/hw/usb/dev-mtp.c
> @@ -1138,8 +1138,8 @@ static MTPData *usb_mtp_get_object_prop_value(MTPState
> *s, MTPControl *c,
> /* Return correct return code for a delete event */
> enum {
> ALL_DELETE,
> - PARTIAL_DELETE,
> READ_ONLY,
> + PARTIAL_DELETE,
> };
This is defining these values as an incrementing series...
> if (o->format == FMT_UNDEFINED_OBJECT) {
> if (remove(o->path)) {
> - partial_delete = true;
> + ret |= READ_ONLY;
> } else {
> usb_mtp_object_free_one(s, o);
> - success = true;
> + ret |= ALL_DELETE;
...but here we're using them as bits which we OR together.
In particular ALL_DELETE is 0, so ORing it in will
do nothing.
thanks
-- PMM
- Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete, (continued)
- Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete, Peter Maydell, 2019/03/09
- Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete, Bandan Das, 2019/03/11
- Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete, Peter Maydell, 2019/03/11
- Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete, Bandan Das, 2019/03/11
- Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete, Peter Maydell, 2019/03/11
- Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete, Bandan Das, 2019/03/11
- Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete, Peter Maydell, 2019/03/11
- Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete, Bandan Das, 2019/03/11
- Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete, Peter Maydell, 2019/03/11
- Re: [Qemu-devel] [PATCH] usb-mtp: fix return status of delete, Bandan Das, 2019/03/11
- Re: [Qemu-devel] [PULL 3/4] usb-mtp: prevent null dereference while deleting objects,
Peter Maydell <=
Re: [Qemu-devel] [PULL 0/4] Usb 20190307 patches, Peter Maydell, 2019/03/07