qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PULL v5 15/43] pc: fix possible NULL pointer dereference i

From: Eduardo Habkost
Subject: [Qemu-devel] [PULL v5 15/43] pc: fix possible NULL pointer dereference in pc_machine_get_device_memory_region_size()
Date: Wed, 3 Jul 2019 18:07:53 -0300 
From: Igor Mammedov <address@hidden>

QEMU will crash when device-memory-region-size property is read if 
ms->device_memory
wasn't initialized yet.

Crash can be reproduced with:
 $QEMU -preconfig -qmp unix:qmp_socket,server,nowait &
 ./scripts/qmp/qom-get -s qmp_socket /machine.device-memory-region-size

Instead of crashing return 0 if ms->device_memory hasn't been initialized.

Signed-off-by: Igor Mammedov <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Eduardo Habkost <address@hidden>
---
 hw/i386/pc.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 9921ce4f5e..9b953eeeea 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -2489,7 +2489,11 @@ pc_machine_get_device_memory_region_size(Object *obj, 
Visitor *v,
                                          Error **errp)
 {
     MachineState *ms = MACHINE(obj);
-    int64_t value = memory_region_size(&ms->device_memory->mr);
+    int64_t value = 0;
+
+    if (ms->device_memory) {
+        value = memory_region_size(&ms->device_memory->mr);
+    }
 
     visit_type_int(v, name, &value, errp);
 }
-- 
2.18.0.rc1.1.g3f1ff2140
reply via email to
[Prev in Thread] Current Thread [Next in Thread]