| Message ID | 20190924200902.4703-3-vsementsov@virtuozzo.com |
|---|---|
| State | New |
| Headers | show |
| Series | error: auto propagated local_err | expand |
On 9/24/19 3:08 PM, Vladimir Sementsov-Ogievskiy wrote: > fit_load_fdt forget to zero errp. Fix it. > > Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> > Reviewed-by: Eric Blake <eblake@redhat.com> > --- > hw/core/loader-fit.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/hw/core/loader-fit.c b/hw/core/loader-fit.c > index 953b16bc82..11e4fad595 100644 > --- a/hw/core/loader-fit.c > +++ b/hw/core/loader-fit.c > @@ -201,6 +201,7 @@ static int fit_load_fdt(const struct fit_loader *ldr, const void *itb, > if (err == -ENOENT) { > load_addr = ROUND_UP(kernel_end, 64 * KiB) + (10 * MiB); > error_free(*errp); > + *errp = NULL; Actually, let's drop my R-b - I think we have a bigger bug here. We are blindly dereferencing *errp even if the caller passed in NULL. The correct way to write this function requires either the use of local_err or the addition of auto-propagation. (In v2, you still had this bug - your addition of error_free_errp(errp) would still blindly dereference *errp, unless you tweak the implementation of error_free_errp to tolerate a NULL pointer input)
24.09.2019 23:38, Eric Blake wrote: > On 9/24/19 3:08 PM, Vladimir Sementsov-Ogievskiy wrote: >> fit_load_fdt forget to zero errp. Fix it. >> >> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> >> Reviewed-by: Eric Blake <eblake@redhat.com> >> --- >> hw/core/loader-fit.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/hw/core/loader-fit.c b/hw/core/loader-fit.c >> index 953b16bc82..11e4fad595 100644 >> --- a/hw/core/loader-fit.c >> +++ b/hw/core/loader-fit.c >> @@ -201,6 +201,7 @@ static int fit_load_fdt(const struct fit_loader *ldr, const void *itb, >> if (err == -ENOENT) { >> load_addr = ROUND_UP(kernel_end, 64 * KiB) + (10 * MiB); >> error_free(*errp); >> + *errp = NULL; > > Actually, let's drop my R-b - I think we have a bigger bug here. We are > blindly dereferencing *errp even if the caller passed in NULL. The > correct way to write this function requires either the use of local_err > or the addition of auto-propagation. > > (In v2, you still had this bug - your addition of error_free_errp(errp) > would still blindly dereference *errp, unless you tweak the > implementation of error_free_errp to tolerate a NULL pointer input) > Oops, you are right! Still, I think in this case we can if (errp) { error_free(*errp); *errp = NULL; }
25.09.2019 10:23, Vladimir Sementsov-Ogievskiy wrote: > 24.09.2019 23:38, Eric Blake wrote: >> On 9/24/19 3:08 PM, Vladimir Sementsov-Ogievskiy wrote: >>> fit_load_fdt forget to zero errp. Fix it. >>> >>> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> >>> Reviewed-by: Eric Blake <eblake@redhat.com> >>> --- >>> hw/core/loader-fit.c | 1 + >>> 1 file changed, 1 insertion(+) >>> >>> diff --git a/hw/core/loader-fit.c b/hw/core/loader-fit.c >>> index 953b16bc82..11e4fad595 100644 >>> --- a/hw/core/loader-fit.c >>> +++ b/hw/core/loader-fit.c >>> @@ -201,6 +201,7 @@ static int fit_load_fdt(const struct fit_loader *ldr, const void *itb, >>> if (err == -ENOENT) { >>> load_addr = ROUND_UP(kernel_end, 64 * KiB) + (10 * MiB); >>> error_free(*errp); >>> + *errp = NULL; >> >> Actually, let's drop my R-b - I think we have a bigger bug here. We are >> blindly dereferencing *errp even if the caller passed in NULL. The >> correct way to write this function requires either the use of local_err >> or the addition of auto-propagation. >> >> (In v2, you still had this bug - your addition of error_free_errp(errp) >> would still blindly dereference *errp, unless you tweak the >> implementation of error_free_errp to tolerate a NULL pointer input) >> > > Oops, you are right! Still, I think in this case we can > > if (errp) { > error_free(*errp); > *errp = NULL; > } > Hmm, possibly, it should be called not error_free_errp, but just error_unset, to be correct pair to error_set.
diff --git a/hw/core/loader-fit.c b/hw/core/loader-fit.c index 953b16bc82..11e4fad595 100644 --- a/hw/core/loader-fit.c +++ b/hw/core/loader-fit.c @@ -201,6 +201,7 @@ static int fit_load_fdt(const struct fit_loader *ldr, const void *itb, if (err == -ENOENT) { load_addr = ROUND_UP(kernel_end, 64 * KiB) + (10 * MiB); error_free(*errp); + *errp = NULL; } else if (err) { error_prepend(errp, "unable to read FDT load address from FIT: "); ret = err;