Patchwork console: Avoid dereferencing NULL active_console

Submitter Stefan Hajnoczi
Date Sept. 20, 2010, 1:11 p.m.
Message ID <1284988279-8900-1-git-send-email-stefanha@linux.vnet.ibm.com>
Permalink /patch/65206/
State New

Comments

Stefan Hajnoczi - Sept. 20, 2010, 1:11 p.m.
The console_select() function does not check that active_console is
non-NULL before dereferencing it.  When invoked with qemu -nodefaults it
is possible to hit this case.

This patch checks that active_console is non-NULL before stashing away
the old console dimensions in console_select().

Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
---
 console.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)
Gerd Hoffmann - Sept. 29, 2010, 8:44 a.m.
On 09/20/10 15:11, Stefan Hajnoczi wrote:
> The console_select() function does not check that active_console is
> non-NULL before dereferencing it.  When invoked with qemu -nodefaults it
> is possible to hit this case.
>
> This patch checks that active_console is non-NULL before stashing away
> the old console dimensions in console_select().

Looks sane to me, similar tests exist in other places.

Acked-by: Gerd Hoffmann <kraxel@redhat.com>

cheers,
   Gerd
Stefan Weil - Sept. 30, 2010, 4:55 p.m.
On 20.09.2010 15:11, Stefan Hajnoczi wrote:
> The console_select() function does not check that active_console is
> non-NULL before dereferencing it. When invoked with qemu -nodefaults it
> is possible to hit this case.
>
> This patch checks that active_console is non-NULL before stashing away
> the old console dimensions in console_select().
>
> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
> ---
> console.c | 6 ++++--
> 1 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/console.c b/console.c
> index 698bc10..c1728b1 100644
> --- a/console.c
> +++ b/console.c
> @@ -1060,8 +1060,10 @@ void console_select(unsigned int index)
>
> if (index >= MAX_CONSOLES)
> return;
> - active_console->g_width = ds_get_width(active_console->ds);
> - active_console->g_height = ds_get_height(active_console->ds);
> + if (active_console) {
> + active_console->g_width = ds_get_width(active_console->ds);
> + active_console->g_height = ds_get_height(active_console->ds);
> + }
> s = consoles[index];
> if (s) {
> DisplayState *ds = s->ds;


To avoid that still more people fix the same bug,
I'd appreciate shorter commit times for simple patches like this one.

Cheers,
Stefan

Acked-by: Stefan Weil <weil@mail.berlios.de>
Blue Swirl - Oct. 3, 2010, 7:52 a.m.
Thanks, applied.

On Mon, Sep 20, 2010 at 1:11 PM, Stefan Hajnoczi
<stefanha@linux.vnet.ibm.com> wrote:
> The console_select() function does not check that active_console is
> non-NULL before dereferencing it.  When invoked with qemu -nodefaults it
> is possible to hit this case.
>
> This patch checks that active_console is non-NULL before stashing away
> the old console dimensions in console_select().
>
> Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
> ---
>  console.c |    6 ++++--
>  1 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/console.c b/console.c
> index 698bc10..c1728b1 100644
> --- a/console.c
> +++ b/console.c
> @@ -1060,8 +1060,10 @@ void console_select(unsigned int index)
>
>     if (index >= MAX_CONSOLES)
>         return;
> -    active_console->g_width = ds_get_width(active_console->ds);
> -    active_console->g_height = ds_get_height(active_console->ds);
> +    if (active_console) {
> +        active_console->g_width = ds_get_width(active_console->ds);
> +        active_console->g_height = ds_get_height(active_console->ds);
> +    }
>     s = consoles[index];
>     if (s) {
>         DisplayState *ds = s->ds;
> --
> 1.7.1

Patch

diff --git a/console.c b/console.c
index 698bc10..c1728b1 100644
--- a/console.c
+++ b/console.c
@@ -1060,8 +1060,10 @@  void console_select(unsigned int index)
 
     if (index >= MAX_CONSOLES)
         return;
-    active_console->g_width = ds_get_width(active_console->ds);
-    active_console->g_height = ds_get_height(active_console->ds);
+    if (active_console) {
+        active_console->g_width = ds_get_width(active_console->ds);
+        active_console->g_height = ds_get_height(active_console->ds);
+    }
     s = consoles[index];
     if (s) {
         DisplayState *ds = s->ds;
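
Review bot: The new `if (active_console)` guard has no comment saying why NULL is a legitimate state at this point in console_select(); the commit message ties it to running qemu -nodefaults, and a one-line comment above the guard stating that would keep a later cleanup from dropping the check as redundant. Inside the guard, active_console->ds is still passed to ds_get_width() and ds_get_height() unchecked, so it is worth confirming that a non-NULL console always has ds set. The visible context ends at `DisplayState *ds = s->ds;`, so the remainder of the function should also be checked for any use of active_console before it is reassigned.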