Message ID | 33183CC9F5247A488A2544077AF1902086C1D361@SZXEMA503-MBS.china.huawei.com |
---|---|
State | New |
Headers | show |
On Mon, Jul 28, 2014 at 06:03:45AM +0000, Gonglei (Arei) wrote: > Hi, > > Should be easy to fix though. Does the following help? > > (Cc'ing Stefan & Kevin) > > --> > xen_disk: fix possible null-ptr dereference > > Signed-off-by: Gonglei <arei.gonglei@huawei.com> > --- > hw/block/xen_disk.c | 1 + > 1 file changed, 1 insertion(+) This code path can never be reached since protocol is always set to one of 3 valid values in xen_disk.c. Therefore, I'm not merging this for QEMU 2.1 where we are only taking critical bug fixes now. Still, it will help silence static checkers and make the intent clear to readers. Thanks, applied to my block-next tree for QEMU 2.2: https://github.com/stefanha/qemu/commits/block-next Stefan
> -----Original Message----- > From: Stefan Hajnoczi [mailto:stefanha@redhat.com] > Sent: Monday, July 28, 2014 5:49 PM > To: Gonglei (Arei) > Cc: mateusz.krzywicki@windowslive.com; qemu-devel@nongnu.org; > kwolf@redhat.com > Subject: Re: [Qemu-devel] Possible null-ptr dereference > > On Mon, Jul 28, 2014 at 06:03:45AM +0000, Gonglei (Arei) wrote: > > Hi, > > > > Should be easy to fix though. Does the following help? > > > > (Cc'ing Stefan & Kevin) > > > > --> > > xen_disk: fix possible null-ptr dereference > > > > Signed-off-by: Gonglei <arei.gonglei@huawei.com> > > --- > > hw/block/xen_disk.c | 1 + > > 1 file changed, 1 insertion(+) > > This code path can never be reached since protocol is always set to one > of 3 valid values in xen_disk.c. Therefore, I'm not merging this for > QEMU 2.1 where we are only taking critical bug fixes now. > OK. > Still, it will help silence static checkers and make the intent clear to > readers. > > Thanks, applied to my block-next tree for QEMU 2.2: > https://github.com/stefanha/qemu/commits/block-next > Thanks. Best regards, -Gonglei
On 28 July 2014 10:49, Stefan Hajnoczi <stefanha@redhat.com> wrote: > On Mon, Jul 28, 2014 at 06:03:45AM +0000, Gonglei (Arei) wrote: >> Hi, >> >> Should be easy to fix though. Does the following help? >> >> (Cc'ing Stefan & Kevin) >> >> --> >> xen_disk: fix possible null-ptr dereference >> >> Signed-off-by: Gonglei <arei.gonglei@huawei.com> >> --- >> hw/block/xen_disk.c | 1 + >> 1 file changed, 1 insertion(+) > > This code path can never be reached since protocol is always set to one > of 3 valid values in xen_disk.c. Maybe g_assert_not_reached(); ? thanks -- PMM
diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c index aed5b5b..a221d0b 100644 --- a/hw/block/xen_disk.c +++ b/hw/block/xen_disk.c @@ -589,6 +589,7 @@ static int blk_send_response_one(struct ioreq *ioreq) break; default: dst = NULL; + return 0; } memcpy(dst, &resp, sizeof(resp)); blkdev->rings.common.rsp_prod_pvt++;