[2/2] qemu queue: fix uninitialized removals

Message ID	1349796101-6660-3-git-send-email-thardeck@suse.de
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Tim Hardeck <thardeck@suse.de> To: qemu-devel@nongnu.org Date: Tue, 9 Oct 2012 17:21:41 +0200 Message-Id: <1349796101-6660-3-git-send-email-thardeck@suse.de> In-Reply-To: <1349796101-6660-1-git-send-email-thardeck@suse.de> References: <1349796101-6660-1-git-send-email-thardeck@suse.de> Cc: Tim Hardeck <thardeck@suse.de>, aliguori@us.ibm.com Subject: [Qemu-devel] [PATCH 2/2] qemu queue: fix uninitialized removals Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

1349796101-6660-3-git-send-email-thardeck@suse.de

State

New

Headers

From: Tim Hardeck <thardeck@suse.de>
To: qemu-devel@nongnu.org
Date: Tue,  9 Oct 2012 17:21:41 +0200
Message-Id: <1349796101-6660-3-git-send-email-thardeck@suse.de>
In-Reply-To: <1349796101-6660-1-git-send-email-thardeck@suse.de>
References: <1349796101-6660-1-git-send-email-thardeck@suse.de>
Cc: Tim Hardeck <thardeck@suse.de>, aliguori@us.ibm.com
Subject: [Qemu-devel] [PATCH 2/2] qemu queue: fix uninitialized removals
Precedence: list
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Tim Hardeck Oct. 9, 2012, 3:21 p.m. UTC

When calling QTAILQ_REMOVE or QLIST_REMOVE on an unitialized list
QEMU segfaults.

Check for this case specifically on item removal.

Signed-off-by: Tim Hardeck <thardeck@suse.de>
---
 qemu-queue.h |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/qemu-queue.h b/qemu-queue.h
index 9288cd8..47ed239 100644
--- a/qemu-queue.h
+++ b/qemu-queue.h
@@ -141,7 +141,9 @@  struct {                                                                \
         if ((elm)->field.le_next != NULL)                               \
                 (elm)->field.le_next->field.le_prev =                   \
                     (elm)->field.le_prev;                               \
-        *(elm)->field.le_prev = (elm)->field.le_next;                   \
+        if ((elm)->field.le_prev != NULL) {                             \
+            *(elm)->field.le_prev = (elm)->field.le_next;               \
+        }                                                               \
 } while (/*CONSTCOND*/0)
 
 #define QLIST_FOREACH(var, head, field)                                 \
@@ -381,7 +383,9 @@  struct {                                                                \
                     (elm)->field.tqe_prev;                              \
         else                                                            \
                 (head)->tqh_last = (elm)->field.tqe_prev;               \
-        *(elm)->field.tqe_prev = (elm)->field.tqe_next;                 \
+        if ((elm)->field.tqe_prev != NULL) {                            \
+            *(elm)->field.tqe_prev = (elm)->field.tqe_next;             \
+        }                                                               \
 } while (/*CONSTCOND*/0)
 
 #define QTAILQ_FOREACH(var, head, field)                                \

[2/2] qemu queue: fix uninitialized removals

Commit Message

Patch