Re: [RFC] Fix rocker device null pointer crash. qemu config r->fp_ports
From: Peter Maydell
Subject: Re: [RFC] Fix rocker device null pointer crash. qemu config r->fp_ports with "-device rocker, len-ports=10" when guest config port larger than r->fp_ports(10) r->fp_port[port] is null-pointer, qemu will crash null-pointer Reported-by: chenzhe <address@hidden>
Date: Wed, 21 Jul 2021 15:35:36 +0100

On Wed, 21 Jul 2021 at 15:23, NAME <sohu0106@126.com> wrote:
>
> From: sohu0106 <sohu0106@126.com>
Hi; you seem to have a misformatted commit message here --
everything has ended up in the Subject line. The first
line of the commit should be a short summary, usually
preceded by an indication of the area of the code
being fixed, like "hw/net/rocker:". Then there should be
a blank line, followed by the more detailed description
of the change. You can look at the git commit logs for
existing commits to get the idea.
> Signed-off-by: sohu0106 <sohu0106@126.com>
We request that Signed-off-by: lines are your full real
name, not a pseudonym or email address; this is because you
are stating with this line that it's legally OK for this
patch to go into QEMU.
You might like to read
https://wiki.qemu.org/Contribute/SubmitAPatch
if you haven't found it already.
> diff --git a/hw/net/rocker/rocker_fp.c b/hw/net/rocker/rocker_fp.c
> index cbeed65bd5..45b5020106 100644
> --- a/hw/net/rocker/rocker_fp.c
> +++ b/hw/net/rocker/rocker_fp.c
> @@ -108,9 +108,10 @@ int fp_port_set_settings(FpPort *port, uint32_t speed,
> return ROCKER_OK;
> }
>
> -bool fp_port_from_pport(uint32_t pport, uint32_t *port)
> +bool fp_port_from_pport(Rocker *r, uint32_t pport, uint32_t *port)
> {
> - if (pport < 1 || pport > ROCKER_FP_PORTS_MAX) {
> + if (pport < 1 || pport > ROCKER_FP_PORTS_MAX ||
> + pport >= rocker_fp_ports(r)) {
> return false;
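Review bot: The added upper-bound test "pport >= rocker_fp_ports(r)" looks off by one. The "pport < 1" test in the same condition treats pport as 1-based, and the existing bound is written as "pport > ROCKER_FP_PORTS_MAX", so if rocker_fp_ports(r) returns the configured port count, ">=" also rejects the last valid port (pport 10 with len-ports=10). Consider "pport > rocker_fp_ports(r)" instead. The signature also gains a "Rocker *r" parameter, so the prototype and every caller need the matching change, which is not visible in the hunk quoted here.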
You don't need to keep the check against ROCKER_FP_PORTS_MAX,
because the realize method will ensure that r->fp_ports is
not larger than ROCKER_FP_PORTS_MAX, and so the single check
against "pport >= rocker_fp_ports(r)" covers that case.
thanks
-- PMM