{"id":813010,"url":"http://patchwork.ozlabs.org/api/patches/813010/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/150524208504.32496.18214181791773634133.stgit@bahia/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<150524208504.32496.18214181791773634133.stgit@bahia>","list_archive_url":null,"date":"2017-09-12T18:48:05","name":"spapr_events: use QTAILQ_FOREACH_SAFE() in spapr_clear_pending_events()","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"25a938831d4874b3858e7a9a5a226fb71dbcfc47","submitter":{"id":69178,"url":"http://patchwork.ozlabs.org/api/people/69178/?format=json","name":"Greg Kurz","email":"groug@kaod.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/150524208504.32496.18214181791773634133.stgit@bahia/mbox/","series":[{"id":2757,"url":"http://patchwork.ozlabs.org/api/series/2757/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=2757","date":"2017-09-12T18:48:05","name":"spapr_events: use QTAILQ_FOREACH_SAFE() in spapr_clear_pending_events()","version":1,"mbox":"http://patchwork.ozlabs.org/series/2757/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/813010/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/813010/checks/","tags":{},"related":[],"headers":{"Return-Path":"<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; 
helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=<UNKNOWN>)","Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xsDN16hnnz9s7g\n\tfor <incoming@patchwork.ozlabs.org>;\n\tWed, 13 Sep 2017 04:48:45 +1000 (AEST)","from localhost ([::1]:38129 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)\n\tid 1drqEk-0004Ml-G3\n\tfor incoming@patchwork.ozlabs.org; Tue, 12 Sep 2017 14:48:42 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:58770)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from <groug@kaod.org>) id 1drqER-0004MW-1n\n\tfor qemu-devel@nongnu.org; Tue, 12 Sep 2017 14:48:23 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from <groug@kaod.org>) id 1drqEN-0005hE-UO\n\tfor qemu-devel@nongnu.org; Tue, 12 Sep 2017 14:48:23 -0400","from 3.mo2.mail-out.ovh.net ([46.105.58.226]:41048)\n\tby eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from <groug@kaod.org>) id 1drqEN-0005gr-O6\n\tfor qemu-devel@nongnu.org; Tue, 12 Sep 2017 14:48:19 -0400","from player770.ha.ovh.net (b6.ovh.net [213.186.33.56])\n\tby mo2.mail-out.ovh.net (Postfix) with ESMTP id D2245AB4D1\n\tfor <qemu-devel@nongnu.org>; Tue, 12 Sep 2017 20:48:17 +0200 (CEST)","from [192.168.0.243] (gar31-1-82-66-74-139.fbx.proxad.net\n\t[82.66.74.139]) (Authenticated sender: groug@kaod.org)\n\tby player770.ha.ovh.net (Postfix) with ESMTPA id 687783C0072;\n\tTue, 12 Sep 2017 20:48:12 +0200 (CEST)"],"From":"Greg Kurz <groug@kaod.org>","To":"qemu-devel@nongnu.org","Date":"Tue, 12 Sep 2017 20:48:05 
+0200","Message-ID":"<150524208504.32496.18214181791773634133.stgit@bahia>","User-Agent":"StGit/0.17.1-46-g6855-dirty","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"7bit","X-Ovh-Tracer-Id":"3166312017149466897","X-VR-SPAMSTATE":"OK","X-VR-SPAMSCORE":"-100","X-VR-SPAMCAUSE":"gggruggvucftvghtrhhoucdtuddrfeelledrgedvgdduvdefucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddm","X-detected-operating-system":"by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]\n\t[fuzzy]","X-Received-From":"46.105.58.226","Subject":"[Qemu-devel] [PATCH] spapr_events: use QTAILQ_FOREACH_SAFE() in\n\tspapr_clear_pending_events()","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"<qemu-devel.nongnu.org>","List-Unsubscribe":"<https://lists.nongnu.org/mailman/options/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>","List-Archive":"<http://lists.nongnu.org/archive/html/qemu-devel/>","List-Post":"<mailto:qemu-devel@nongnu.org>","List-Help":"<mailto:qemu-devel-request@nongnu.org?subject=help>","List-Subscribe":"<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n\t<mailto:qemu-devel-request@nongnu.org?subject=subscribe>","Cc":"Peter Maydell <peter.maydell@linaro.org>,\n\tDaniel Henrique Barboza <danielhb@linux.vnet.ibm.com>,\n\tqemu-ppc@nongnu.org, David Gibson <david@gibson.dropbear.id.au>","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>"},"content":"QTAILQ_FOREACH_SAFE() must be used when removing the current element\ninside the loop block.\n\nThis fixes a user-after-free error introduced by commit 56258174238eb\nand reported by Coverity (CID 1381017).\n\nSigned-off-by: Greg Kurz <groug@kaod.org>\n---\n hw/ppc/spapr_events.c |    4 ++--\n 1 file changed, 2 insertions(+), 2 
deletions(-)","diff":"diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c\nindex 66b8164f30be..e377fc7ddea2 100644\n--- a/hw/ppc/spapr_events.c\n+++ b/hw/ppc/spapr_events.c\n@@ -702,9 +702,9 @@ static void event_scan(PowerPCCPU *cpu, sPAPRMachineState *spapr,\n \n void spapr_clear_pending_events(sPAPRMachineState *spapr)\n {\n-    sPAPREventLogEntry *entry = NULL;\n+    sPAPREventLogEntry *entry = NULL, *next_entry;\n \n-    QTAILQ_FOREACH(entry, &spapr->pending_events, next) {\n+    QTAILQ_FOREACH_SAFE(entry, &spapr->pending_events, next, next_entry) {\n         QTAILQ_REMOVE(&spapr->pending_events, entry, next);\n         g_free(entry->extended_log);\n         g_free(entry);\n","prefixes":[]}
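
Review bot: in the declaration at the top of spapr_clear_pending_events(), the "= NULL" initializer kept on entry is dead, since QTAILQ_FOREACH_SAFE() assigns entry from the head of spapr->pending_events before anything reads it; "sPAPREventLogEntry *entry, *next_entry;" is enough. The loop change itself is correct: with plain QTAILQ_FOREACH() the iteration step followed entry's next link after g_free(entry) had run, whereas the _SAFE form stores the successor in next_entry before the body removes and frees the current element. The commit message says "user-after-free" where "use-after-free" is meant, and it would help to quote the subject of commit 56258174238eb next to its abbreviated hash.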