From patchwork Mon Nov 5 21:38:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Liam Merwick X-Patchwork-Id: 993410 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=oracle.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=oracle.com header.i=@oracle.com header.b="uMt2VdoX"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42pmSN1PxYz9sDC for ; Tue, 6 Nov 2018 08:45:24 +1100 (AEDT) Received: from localhost ([::1]:37730 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gJmgT-0005kG-RU for incoming@patchwork.ozlabs.org; Mon, 05 Nov 2018 16:45:21 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36219) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gJmaP-0007IA-Ld for qemu-devel@nongnu.org; Mon, 05 Nov 2018 16:39:06 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gJmaK-0003FY-W1 for qemu-devel@nongnu.org; Mon, 05 Nov 2018 16:39:04 -0500 Received: from userp2130.oracle.com ([156.151.31.86]:50394) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gJma6-0002bV-DF; Mon, 05 Nov 2018 16:38:49 -0500 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id wA5LSxOo143573; Mon, 5 Nov 2018 21:38:29 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=mcbzKCHvjgV8moMSzWYsYXNdgK4f/bYXNfuEfp1W5+Q=; b=uMt2VdoX18MvZkfGu8U5gB7TdgSygVSCoUtAQ8FqlSXS58EvybKW+T2J5iVtD2bIoy/j B18r6/wkgMMhv9fJ2fYjlQE/1zOYGkrlQSHs5hYTAHfgFvBBB9lm7+7p/h5217EaMIfu JnO5dA0NfpJcOYm2tGODmRgKP8PSDdFB0g/H+W2ZtWCKz+1kIcCQltvNrml2GQ4trr1S kP9+++y/hSiFr+COTusx/lUTyyyMHhPMiguTN6bcNrhCOgauE1GGQIb3/dcwOmhjbhDx cvPEUvtCBRIeGz+HPeMDwSo9m8hqIADtInZ11keb6UYCC34y3w+JRZzqZgcCfCTu05L/ 2Q== Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by userp2130.oracle.com with ESMTP id 2nh33tsr4b-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 05 Nov 2018 21:38:29 +0000 Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id wA5LcNsM012821 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 5 Nov 2018 21:38:24 GMT Received: from abhmp0006.oracle.com (abhmp0006.oracle.com [141.146.116.12]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id wA5LcNI9023731; Mon, 5 Nov 2018 21:38:23 GMT Received: from ol7.uk.oracle.com (/10.175.201.67) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 05 Nov 2018 13:38:23 -0800 From: Liam Merwick To: qemu-devel@nongnu.org Date: Mon, 5 Nov 2018 21:38:34 +0000 Message-Id: <1541453919-25973-1-git-send-email-Liam.Merwick@oracle.com> X-Mailer: git-send-email 1.8.3.1 MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9068 signatures=668683 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1811050190 X-MIME-Autoconverted: from 8bit to quoted-printable by userp2130.oracle.com id wA5LSxOo143573 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-Received-From: 156.151.31.86 Subject: [Qemu-devel] [PATCH v5 0/5] off-by-one and NULL pointer accesses detected by static analysis X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: kwolf@redhat.com, jsnow@redhat.com, qemu-block@nongnu.org, mreitz@redhat.com Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Below are a number of fixes to some off-by-one, read outside array bounds, and NULL pointer accesses detected by an internal Oracle static analysis tool (Parfait). https://labs.oracle.com/pls/apex/f?p=labs:49:::::P49_PROJECT_ID:13 v1 -> v2 Based on feedback from Eric Blake: patch2: reworded commit message to clarify issue patch6: Reverted common qlist routines and added assert to qlist_dump instead patch7: Fixed incorrect logic patch8: Added QEMU_BUILD_BUG_ON to catch future Ń–nstance at compile-time v2 -> v3 Based on feedback from Eric Blake: patch6: removed double space from commit message patch8: removed unnecessary comment and updated QEMU_BUILD_BUG_ON to use ARRAY_SIZE Added Eric's R-b to patches 6,7,8 v3 -> v4 Based on feedback from Max Reitz: patch2: Added R-b from John Snow patch3: fixed blk_get_attached_dev_id() instead of checking return value patch4: switched to assert() patch5: numerous changes based on feedback from Max patch6: updated commit message patch7: (was patch8): Added Max's R-b patch8: (new): patch fixing NULL pointer dereference in kvm_arch_init_vcpu() v4 -> v5 Based on further feedback from Max Reitz: Dropped v4 patch1 (configure --disable-avx2) as Thomas Huth already pulled it. Dropped v4 patch6 (dump_qlist) as it was just an unnecessary assert Dropped v4 patch8 'patch fixing NULL pointer dereference in kvm_arch_init_vcpu()' so as to limit this seies to block changes (will send in a separate series). patch1: no change (v4 patch2) patch2: Switched to using ?: in return (v4 patch3) patch3: Added Max's R-b (v4 patch4) patch4: couple of changes based on feedback from Max (v4 patch5) patch5: no change (v4 patch7) Liam Merwick (5): job: Fix off-by-one assert checks for JobSTT and JobVerbTable block: Null pointer dereference in blk_root_get_parent_desc() qemu-img: assert block_job_get() does not return NULL in img_commit() block: Fix potential Null pointer dereferences in vvfat.c qcow2: Read outside array bounds in qcow2_pre_write_overlap_check() block/block-backend.c | 3 ++- block/qcow2-refcount.c | 18 ++++++++++-------- block/vvfat.c | 49 +++++++++++++++++++++++++++++++++---------------- job.c | 4 ++-- qemu-img.c | 1 + 5 files changed, 48 insertions(+), 27 deletions(-)