qapi: Fix potential NULL pointer segfault

Message ID 1346484639-15141-1-git-send-email-sw@weilnetz.de
State Accepted

Commit Message

Stefan Weil Sept. 1, 2012, 7:30 a.m. UTC
Report from smatch:

qapi-visit.c:1640 visit_type_BlockdevAction(8) error:
 we previously assumed 'obj' could be null (see line 1639)
qapi-visit.c:2432 visit_type_NetClientOptions(8) error:
 we previously assumed 'obj' could be null (see line 2431)

Signed-off-by: Stefan Weil <sw@weilnetz.de>
---
 scripts/qapi-visit.py |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Paolo Bonzini Sept. 3, 2012, 6:57 a.m. UTC | #1
On 01/09/2012 09:30, Stefan Weil wrote:
> Report from smatch:
> 
> qapi-visit.c:1640 visit_type_BlockdevAction(8) error:
>  we previously assumed 'obj' could be null (see line 1639)
> qapi-visit.c:2432 visit_type_NetClientOptions(8) error:
>  we previously assumed 'obj' could be null (see line 2431)
> 
> Signed-off-by: Stefan Weil <sw@weilnetz.de>
> ---
>  scripts/qapi-visit.py |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/scripts/qapi-visit.py b/scripts/qapi-visit.py
> index 2afc5c0..1a669f3 100644
> --- a/scripts/qapi-visit.py
> +++ b/scripts/qapi-visit.py
> @@ -157,7 +157,7 @@ void visit_type_%(name)s(Visitor *m, %(name)s ** obj, const char *name, Error **
>      if (!error_is_set(errp)) {
>          visit_start_struct(m, (void **)obj, "%(name)s", name, sizeof(%(name)s), &err);
>          if (!err) {
> -            if (!obj || *obj) {
> +            if (obj && *obj) {
>                  visit_type_%(name)sKind(m, &(*obj)->kind, "type", &err);
>                  if (!err) {
>                      switch ((*obj)->kind) {
> 

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>

Paolo
Luiz Capitulino Sept. 3, 2012, 4:34 p.m. UTC | #2
On Mon, 03 Sep 2012 08:57:36 +0200
Paolo Bonzini <pbonzini@redhat.com> wrote:

> On 01/09/2012 09:30, Stefan Weil wrote:
> > Report from smatch:
> > 
> > qapi-visit.c:1640 visit_type_BlockdevAction(8) error:
> >  we previously assumed 'obj' could be null (see line 1639)
> > qapi-visit.c:2432 visit_type_NetClientOptions(8) error:
> >  we previously assumed 'obj' could be null (see line 2431)
> > 
> > Signed-off-by: Stefan Weil <sw@weilnetz.de>
> > ---
> >  scripts/qapi-visit.py |    2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/scripts/qapi-visit.py b/scripts/qapi-visit.py
> > index 2afc5c0..1a669f3 100644
> > --- a/scripts/qapi-visit.py
> > +++ b/scripts/qapi-visit.py
> > @@ -157,7 +157,7 @@ void visit_type_%(name)s(Visitor *m, %(name)s ** obj, const char *name, Error **
> >      if (!error_is_set(errp)) {
> >          visit_start_struct(m, (void **)obj, "%(name)s", name, sizeof(%(name)s), &err);
> >          if (!err) {
> > -            if (!obj || *obj) {
> > +            if (obj && *obj) {
> >                  visit_type_%(name)sKind(m, &(*obj)->kind, "type", &err);
> >                  if (!err) {
> >                      switch ((*obj)->kind) {
> > 
> 
> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>

Is this for 1.2?

Although the fix is pretty obvious, it doesn't seem possible to trigger the
segfault today and I believe we're only accepting true bug fixes at this point
(i.e., two days from the release).
Stefan Weil Sept. 3, 2012, 4:49 p.m. UTC | #3
On 03.09.2012 18:34, Luiz Capitulino wrote:
> On Mon, 03 Sep 2012 08:57:36 +0200
> Paolo Bonzini <pbonzini@redhat.com> wrote:
>
>> On 01/09/2012 09:30, Stefan Weil wrote:
>>> Report from smatch:
>>>
>>> qapi-visit.c:1640 visit_type_BlockdevAction(8) error:
>>>   we previously assumed 'obj' could be null (see line 1639)
>>> qapi-visit.c:2432 visit_type_NetClientOptions(8) error:
>>>   we previously assumed 'obj' could be null (see line 2431)
>>>
>>> Signed-off-by: Stefan Weil <sw@weilnetz.de>
>>> ---
>>>   scripts/qapi-visit.py |    2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/scripts/qapi-visit.py b/scripts/qapi-visit.py
>>> index 2afc5c0..1a669f3 100644
>>> --- a/scripts/qapi-visit.py
>>> +++ b/scripts/qapi-visit.py
>>> @@ -157,7 +157,7 @@ void visit_type_%(name)s(Visitor *m, %(name)s ** obj, const char *name, Error **
>>>       if (!error_is_set(errp)) {
>>>           visit_start_struct(m, (void **)obj, "%(name)s", name, sizeof(%(name)s), &err);
>>>           if (!err) {
>>> -            if (!obj || *obj) {
>>> +            if (obj && *obj) {
>>>                   visit_type_%(name)sKind(m, &(*obj)->kind, "type", &err);
>>>                   if (!err) {
>>>                       switch ((*obj)->kind) {
>>>
>>
>> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
>
> Is this for 1.2?
>
> Although the fix is pretty obvious, it doesn't seem possible to trigger the
> segfault today and I believe we're only accepting true bug fixes at this point
> (i.e., two days from the release).

As long as nobody has a scenario which triggers the bug,
there is no need to apply that patch before 1.2 is released.

That's why I did not add "for 1.2" to the subject line.

- sw
Luiz Capitulino Sept. 3, 2012, 4:52 p.m. UTC | #4
On Mon, 03 Sep 2012 18:49:54 +0200
Stefan Weil <sw@weilnetz.de> wrote:

> On 03.09.2012 18:34, Luiz Capitulino wrote:
> > On Mon, 03 Sep 2012 08:57:36 +0200
> > Paolo Bonzini <pbonzini@redhat.com> wrote:
> >
> >> On 01/09/2012 09:30, Stefan Weil wrote:
> >>> Report from smatch:
> >>>
> >>> qapi-visit.c:1640 visit_type_BlockdevAction(8) error:
> >>>   we previously assumed 'obj' could be null (see line 1639)
> >>> qapi-visit.c:2432 visit_type_NetClientOptions(8) error:
> >>>   we previously assumed 'obj' could be null (see line 2431)
> >>>
> >>> Signed-off-by: Stefan Weil <sw@weilnetz.de>
> >>> ---
> >>>   scripts/qapi-visit.py |    2 +-
> >>>   1 file changed, 1 insertion(+), 1 deletion(-)
> >>>
> >>> diff --git a/scripts/qapi-visit.py b/scripts/qapi-visit.py
> >>> index 2afc5c0..1a669f3 100644
> >>> --- a/scripts/qapi-visit.py
> >>> +++ b/scripts/qapi-visit.py
> >>> @@ -157,7 +157,7 @@ void visit_type_%(name)s(Visitor *m, %(name)s ** obj, const char *name, Error **
> >>>       if (!error_is_set(errp)) {
> >>>           visit_start_struct(m, (void **)obj, "%(name)s", name, sizeof(%(name)s), &err);
> >>>           if (!err) {
> >>> -            if (!obj || *obj) {
> >>> +            if (obj && *obj) {
> >>>                   visit_type_%(name)sKind(m, &(*obj)->kind, "type", &err);
> >>>                   if (!err) {
> >>>                       switch ((*obj)->kind) {
> >>>
> >>
> >> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
> >
> > Is this for 1.2?
> >
> > Although the fix is pretty obvious, it doesn't seem possible to trigger the
> > segfault today and I believe we're only accepting true bug fixes at this point
> > (i.e., two days from the release).
> 
> As long as nobody has a scenario which triggers the bug,
> there is no need to apply that patch before 1.2 is released.
> 
> That's why I did not add "for 1.2" to the subject line.

Applied to qmp-next, thanks.

Patch

diff --git a/scripts/qapi-visit.py b/scripts/qapi-visit.py
index 2afc5c0..1a669f3 100644
--- a/scripts/qapi-visit.py
+++ b/scripts/qapi-visit.py
@@ -157,7 +157,7 @@  void visit_type_%(name)s(Visitor *m, %(name)s ** obj, const char *name, Error **
     if (!error_is_set(errp)) {
         visit_start_struct(m, (void **)obj, "%(name)s", name, sizeof(%(name)s), &err);
         if (!err) {
-            if (!obj || *obj) {
+            if (obj && *obj) {
                 visit_type_%(name)sKind(m, &(*obj)->kind, "type", &err);
                 if (!err) {
                     switch ((*obj)->kind) {
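Review bot: the new guard `if (obj && *obj)` closes the NULL dereference of `(*obj)->kind` that `if (!obj || *obj)` permitted, but the hunk leaves the contract for `obj` unstated: two lines earlier, `visit_start_struct(m, (void **)obj, "%(name)s", name, sizeof(%(name)s), &err);` is already called with `obj` unconditionally. Either callers may pass a NULL `obj`, in which case visit_start_struct must already tolerate it and this guard is the right fix, or they may not, in which case the check can simply be `if (*obj)` and the smatch report goes away for the right reason. Suggest a one-line comment in the template stating which it is, and, if NULL is permitted, a check that the rest of the generated function after this block (not shown in the hunk) is also safe when `obj` is NULL.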