Patch Detail
GET /api/patches/2196281/?format=api
{ "id": 2196281, "url": "http://patchwork.ozlabs.org/api/patches/2196281/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/E1vqq09-000FBe-2m@kylie.crudebyte.com/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<E1vqq09-000FBe-2m@kylie.crudebyte.com>", "list_archive_url": null, "date": "2026-02-13T09:56:05", "name": "hw/9pfs: fix heap-buffer-overflow in v9fs_complete_rename", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "7e515ae01bd640e8a07df960038b1a71e15a4953", "submitter": { "id": 77616, "url": "http://patchwork.ozlabs.org/api/people/77616/?format=api", "name": "Christian Schoenebeck", "email": "qemu_oss@crudebyte.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/E1vqq09-000FBe-2m@kylie.crudebyte.com/mbox/", "series": [ { "id": 492077, "url": "http://patchwork.ozlabs.org/api/series/492077/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=492077", "date": "2026-02-13T09:56:05", "name": "hw/9pfs: fix heap-buffer-overflow in v9fs_complete_rename", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/492077/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2196281/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2196281/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (4096-bit key;\n unprotected) header.d=crudebyte.com 
header.i=@crudebyte.com\n header.a=rsa-sha256 header.s=kylie header.b=ct1g8BRw;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fC7n93PsDz1xvQ\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 13 Feb 2026 21:33:49 +1100 (AEDT)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1vqqUQ-0003xc-7o; Fri, 13 Feb 2026 05:33:34 -0500", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1)\n (envelope-from\n <433d91b2a7751d2df86337a655d321bbed2841db@kylie.crudebyte.com>)\n id 1vqqUM-0003w6-Vi\n for qemu-devel@nongnu.org; Fri, 13 Feb 2026 05:33:31 -0500", "from kylie.crudebyte.com ([5.189.157.229])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1)\n (envelope-from\n <433d91b2a7751d2df86337a655d321bbed2841db@kylie.crudebyte.com>)\n id 1vqqUK-0000v1-9z\n for qemu-devel@nongnu.org; Fri, 13 Feb 2026 05:33:30 -0500" ], "From": "Christian Schoenebeck <qemu_oss@crudebyte.com>", "Date": "Fri, 13 Feb 2026 10:56:05 +0100", "Subject": "[PATCH] hw/9pfs: fix heap-buffer-overflow in v9fs_complete_rename", "To": "qemu-devel@nongnu.org", "Cc": "Oliver Chang <ochang@google.com>, Alexander Bulekov <alxndr@bu.edu>,\n Mauro Matteo Cascella <mcascell@redhat.com>, Greg Kurz <groug@kaod.org>", "Message-Id": "<E1vqq09-000FBe-2m@kylie.crudebyte.com>", "Received-SPF": "pass client-ip=5.189.157.229;\n envelope-from=433d91b2a7751d2df86337a655d321bbed2841db@kylie.crudebyte.com;\n helo=kylie.crudebyte.com", "X-Spam_score_int": "-20", "X-Spam_score": "-2.1", "X-Spam_bar": "--", "X-Spam_report": "(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,\n SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": 
"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "From: Oliver Chang <ochang@google.com>\n\nWhen `v9fs_complete_rename` is called with `newdirfid == -1`, it attempts to\nderive the directory name from `fidp->path.data` using `g_path_get_dirname`.\nThis logic assumes that `fidp->path.data` always contains a null-terminated\nstring representing a pathname.\n\nWhile this assumption holds for the 'local' backend, the 'synth' backend stores\na `V9fsSynthNode *` pointer directly in the `V9fsPath.data` buffer. When using\n'synth', `g_path_get_dirname` treats this pointer as a string, often resulting\nin a short string like \".\".\n\nThe subsequent call to `v9fs_co_name_to_path` invokes `synth_name_to_path`,\nwhich expects `dir_path.data` to contain a `V9fsSynthNode *`. It attempts to\nread 8 bytes (on 64-bit) from the buffer. If `g_path_get_dirname` returned a\nshort string, this results in a heap-buffer-overflow read.\n\nFix this by checking for the `V9FS_PATHNAME_FSCONTEXT` flag in the export\nflags. This flag indicates that the backend supports string-based pathnames. 
If\nit is not set (as in the 'synth' backend), return `-EOPNOTSUPP` to prevent\ninvalid memory access.\n\nCo-authored-by: CodeMender <codemender-patching@google.com>\nFixes: https://issues.oss-fuzz.com/issues/477990727\n---\n hw/9pfs/9p.c | 9 ++++++++-\n 1 file changed, 8 insertions(+), 1 deletion(-)\n\n--", "diff": "diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c\nindex 6fbe604ce8..546e70f75c 100644\n--- a/hw/9pfs/9p.c\n+++ b/hw/9pfs/9p.c\n@@ -3310,9 +3310,16 @@ static int coroutine_fn v9fs_complete_rename(V9fsPDU *pdu, V9fsFidState *fidp,\n goto out;\n }\n } else {\n- char *dir_name = g_path_get_dirname(fidp->path.data);\n+ char *dir_name;\n V9fsPath dir_path;\n \n+ if (!(s->ctx.export_flags & V9FS_PATHNAME_FSCONTEXT)) {\n+ /* path renaming is only supported for path based fid */\n+ err = -EOPNOTSUPP;\n+ goto out;\n+ }\n+\n+ dir_name = g_path_get_dirname(fidp->path.data);\n v9fs_path_init(&dir_path);\n v9fs_path_sprintf(&dir_path, \"%s\", dir_name);\n g_free(dir_name);\n", "prefixes": [] }
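Review bot: the `goto out` after `err = -EOPNOTSUPP;` is only leak-free because the hunk also splits `char *dir_name;` from the later `dir_name = g_path_get_dirname(fidp->path.data);`, so nothing is allocated before the early exit; keep that ordering if the check is ever moved, since restoring the original initializer would leak `dir_name` on the error path. The comment `/* path renaming is only supported for path based fid */` would serve the next reader better if it stated the precondition the description gives, namely that `fidp->path.data` is a NUL-terminated pathname only when the backend sets `V9FS_PATHNAME_FSCONTEXT`, which is why a backend such as 'synth' has to be rejected at this point rather than handed to `g_path_get_dirname()`.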