[{"id":1767449,"web_url":"http://patchwork.ozlabs.org/comment/1767449/","msgid":"<20170913003519.GC7550@umbus.fritz.box>","list_archive_url":null,"date":"2017-09-13T00:35:19","subject":"Re: [Qemu-devel] [PATCH] spapr_events: use QTAILQ_FOREACH_SAFE() in\n\tspapr_clear_pending_events()","submitter":{"id":47,"url":"http://patchwork.ozlabs.org/api/people/47/","name":"David Gibson","email":"david@gibson.dropbear.id.au"},"content":"On Tue, Sep 12, 2017 at 08:48:05PM +0200, Greg Kurz wrote:\n> QTAILQ_FOREACH_SAFE() must be used when removing the current element\n> inside the loop block.\n> \n> This fixes a user-after-free error introduced by commit 56258174238eb\n> and reported by Coverity (CID 1381017).\n> \n> Signed-off-by: Greg Kurz <groug@kaod.org>\n\nApplied to ppc-for-2.11.\n\n> ---\n>  hw/ppc/spapr_events.c |    4 ++--\n>  1 file changed, 2 insertions(+), 2 deletions(-)\n> \n> diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c\n> index 66b8164f30be..e377fc7ddea2 100644\n> --- a/hw/ppc/spapr_events.c\n> +++ b/hw/ppc/spapr_events.c\n> @@ -702,9 +702,9 @@ static void event_scan(PowerPCCPU *cpu, sPAPRMachineState *spapr,\n>  \n>  void spapr_clear_pending_events(sPAPRMachineState *spapr)\n>  {\n> -    sPAPREventLogEntry *entry = NULL;\n> +    sPAPREventLogEntry *entry = NULL, *next_entry;\n>  \n> -    QTAILQ_FOREACH(entry, &spapr->pending_events, next) {\n> +    QTAILQ_FOREACH_SAFE(entry, &spapr->pending_events, next, next_entry) {\n>          QTAILQ_REMOVE(&spapr->pending_events, entry, next);\n>          g_free(entry->extended_log);\n>          g_free(entry);\n>","headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n\tunprotected) header.d=gibson.dropbear.id.au\n\theader.i=@gibson.dropbear.id.au header.b=\"A3rstgor\"; \n\tdkim-atps=neutral"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xsPBn3mvzz9t4V\n\tfor <incoming@patchwork.ozlabs.org>;\n\tWed, 13 Sep 2017 11:26:23 +1000 (AEST)","from localhost ([::1]:39482 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1drwRX-0007Gj-62\n\tfor incoming@patchwork.ozlabs.org; Tue, 12 Sep 2017 21:26:19 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:56369)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <dgibson@ozlabs.org>) id 1drwR8-0007GZ-Sf\n\tfor qemu-devel@nongnu.org; Tue, 12 Sep 2017 21:25:55 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <dgibson@ozlabs.org>) id 1drwR7-0002Fx-SN\n\tfor qemu-devel@nongnu.org; Tue, 12 Sep 2017 21:25:54 -0400","from ozlabs.org ([2401:3900:2:1::2]:45761)\n\tby eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from <dgibson@ozlabs.org>)\n\tid 1drwR7-0002AR-5B; Tue, 12 Sep 2017 21:25:53 -0400","by ozlabs.org (Postfix, from userid 1007)\n\tid 3xsPB359KXz9t4X; Wed, 13 Sep 2017 11:25:47 +1000 (AEST)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple;\n\td=gibson.dropbear.id.au; s=201602; t=1505265947;\n\tbh=rN3yqblJAHJnH2O1Leu+chno5WppklrCoRGic3KascI=;\n\th=Date:From:To:Cc:Subject:References:In-Reply-To:From;\n\tb=A3rstgorc5jND829C6goYDpww2uJik9B9iLTAvEXHnqU5vHQKxMzSnjmiAvLO6HI1\n\tFXzP+I+XNqJbq152YfoyRerS65//qMy2J8PpaQD0WhXp1gW5YIdF5K+TXoR1UPXTm/\n\t2A6YqrgJ0uqGegjKmqVbtbDoyd8rihZVTrqs6ri8=","Date":"Wed, 13 Sep 2017 10:35:19 +1000","From":"David Gibson <david@gibson.dropbear.id.au>","To":"Greg Kurz <groug@kaod.org>","Message-ID":"<20170913003519.GC7550@umbus.fritz.box>","References":"<150524208504.32496.18214181791773634133.stgit@bahia>","MIME-Version":"1.0","Content-Type":"multipart/signed; micalg=pgp-sha256;\n\tprotocol=\"application/pgp-signature\"; boundary=\"aT9PWwzfKXlsBJM1\"","Content-Disposition":"inline","In-Reply-To":"<150524208504.32496.18214181791773634133.stgit@bahia>","User-Agent":"Mutt/1.8.3 (2017-05-23)","X-detected-operating-system":"by eggs.gnu.org: Genre and OS details not\n\trecognized.","X-Received-From":"2401:3900:2:1::2","Subject":"Re: [Qemu-devel] [PATCH] spapr_events: use QTAILQ_FOREACH_SAFE() in\n\tspapr_clear_pending_events()","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com>,\n\tqemu-ppc@nongnu.org, \n\tqemu-devel@nongnu.org, Peter Maydell <peter.maydell@linaro.org>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"}}]