[Qemu-devel] [PULL 03/17] scsi: mptsas: use g_new0 to allocate MPTSASReq
From: Paolo Bonzini
Subject: [Qemu-devel] [PULL 03/17] scsi: mptsas: use g_new0 to allocate MPTSASRequest object
Date: Thu, 15 Sep 2016 16:21:42 +0200
From: Li Qiang <address@hidden>
When processing an IO request in mptsas, it uses g_new to allocate
a 'req' object. If an error occurs before 'req->sreq' is
allocated, it could lead to an OOB write in the mptsas_free_request
function. Use g_new0 to avoid it.
Reported-by: Li Qiang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Message-Id: <address@hidden>
Cc: address@hidden
Signed-off-by: Paolo Bonzini <address@hidden>
---
hw/scsi/mptsas.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
index 0e0a22f..eaae1bb 100644
--- a/hw/scsi/mptsas.c
+++ b/hw/scsi/mptsas.c
@@ -304,7 +304,7 @@ static int mptsas_process_scsi_io_request(MPTSASState *s,
goto bad;
}
- req = g_new(MPTSASRequest, 1);
+ req = g_new0(MPTSASRequest, 1);
QTAILQ_INSERT_TAIL(&s->pending, req, next);
req->scsi_io = *scsi_io;
req->dev = s;
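Review bot: the switch to g_new0 at the 'req' allocation only closes the error path if mptsas_free_request treats a NULL req->sreq as "not yet allocated", and that function is not part of this hunk, so it is worth confirming that it checks req->sreq before touching it. Since 'req' is linked into s->pending by QTAILQ_INSERT_TAIL before its remaining fields are assigned, the cleanup path now depends on those fields being zero. A one-line comment above the g_new0 call saying so would keep a later change back to g_new, or a new pointer member in MPTSASRequest, from silently reintroducing the use of uninitialised fields.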
--
1.8.3.1